SecurityTracker.com
Category:   Application (Generic)  >   Cisco Wide Area Application Services
Vendors:   Cisco
Cisco Wide Area Application Services Web Service Framework Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1028851
SecurityTracker URL:  http://securitytracker.com/id/1028851
CVE Reference:   CVE-2013-3443
Date:  Jul 31 2013
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.21 and later 4.x versions, 5.0.x, 5.1.x, 5.2.x
Description:   A vulnerability was reported in Cisco Wide Area Application Services (WAAS). A remote user can execute arbitrary code on the target system.

On systems configured as a Central Manager (CM), a remote user can send a specially crafted POST request to trigger a flaw in the web service framework code and execute arbitrary code on the target system. This can be exploited to obtain administrative access to all devices associated with the vulnerable WAAS CM.

The vendor has assigned bug ID CSCuh26626 to this vulnerability.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (5.0.3e, 5.1.1c, 5.2.1).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm
Cause:   Input validation error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability

Cisco Security Advisory: Cisco WAAS Central Manager Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20130731-waascm

Revision 1.0

For Public Release 2013 July 31 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Wide Area Application Services (WAAS), when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm