Информационная безопасность
[RU] switch to English


Выполнение кода в Cisco Wide Area Application Services, CDS, VDS, CDM
Опубликовано:12 августа 2013 г.
Источник:
SecurityVulns ID:13248
Тип:удаленная
Уровень опасности:
7/10
Описание:Выполнение кода через HTTP POST запрос, повышение привилегий.
Затронутые продукты:CISCO : Cisco WAAS
 CISCO : Cisco ACNS
 CISCO : Cisco ECDS
 CISCO : Cisco CDS-IS
 CISCO : Cisco VDS-IS
 CISCO : Cisco VDS-SB
 CISCO : Cisco VDS-OE
 CISCO : Cisco VDS-OS
CVE:CVE-2013-3444 (The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.)
 CVE-2013-3443 (The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.)
Файлы:Cisco WAAS Central Manager Remote Code Execution Vulnerability
 Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород