CVE-2013-3444: OS Command Injection
First published: Thu Aug 01 2013(Updated: )
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Virtual Wide Area Application Services | =4.1.1 | |
| Cisco Virtual Wide Area Application Services | =4.1.1-a | |
| Cisco Virtual Wide Area Application Services | =4.1.1-b | |
| Cisco Virtual Wide Area Application Services | =4.1.1-c | |
| Cisco Virtual Wide Area Application Services | =4.1.1-d | |
| Cisco Virtual Wide Area Application Services | =4.1.3 | |
| Cisco Virtual Wide Area Application Services | =4.1.3-a | |
| Cisco Virtual Wide Area Application Services | =4.1.3-b | |
| Cisco Virtual Wide Area Application Services | =4.1.5-a | |
| Cisco Virtual Wide Area Application Services | =4.1.5-b | |
| Cisco Virtual Wide Area Application Services | =4.1.5-c | |
| Cisco Virtual Wide Area Application Services | =4.1.5-d | |
| Cisco Virtual Wide Area Application Services | =4.1.5-e | |
| Cisco Virtual Wide Area Application Services | =4.1.5-f | |
| Cisco Virtual Wide Area Application Services | =4.1.5-g | |
| Cisco Virtual Wide Area Application Services | =4.1.7 | |
| Cisco Virtual Wide Area Application Services | =4.1.7-a | |
| Cisco Virtual Wide Area Application Services | =4.1.7-b | |
| Cisco Virtual Wide Area Application Services | =4.3.1 | |
| Cisco Virtual Wide Area Application Services | =4.3.3 | |
| Cisco Virtual Wide Area Application Services | =4.3.5 | |
| Cisco Virtual Wide Area Application Services | =4.3.5-a | |
| Cisco Virtual Wide Area Application Services | =5.0.1 | |
| Cisco Virtual Wide Area Application Services | =5.0.3 | |
| Cisco Virtual Wide Area Application Services | =5.0.3-a | |
| Cisco Virtual Wide Area Application Services | =5.0.3-c | |
| Cisco Virtual Wide Area Application Services | =5.0.3-d | |
| Cisco Virtual Wide Area Application Services | =4.2.1 | |
| Cisco Virtual Wide Area Application Services | =4.2.3 | |
| Cisco Virtual Wide Area Application Services | =4.2.3-a | |
| Cisco Virtual Wide Area Application Services | =4.2.3-b | |
| Cisco Virtual Wide Area Application Services | =4.2.3-c | |
| Cisco Virtual Wide Area Application Services | =4.4.1 | |
| Cisco Virtual Wide Area Application Services | =4.4.3 | |
| Cisco Virtual Wide Area Application Services | =4.4.3-a | |
| Cisco Virtual Wide Area Application Services | =4.4.3-b | |
| Cisco Virtual Wide Area Application Services | =4.4.3-c | |
| Cisco Virtual Wide Area Application Services | =4.4.5 | |
| Cisco Virtual Wide Area Application Services | =4.4.5-a | |
| Cisco Virtual Wide Area Application Services | =4.4.5-b | |
| Cisco Virtual Wide Area Application Services | =4.4.5-c | |
| Cisco Virtual Wide Area Application Services | =4.4.5-d | |
| Cisco Virtual Wide Area Application Services | =4.4.7 | |
| Cisco Virtual Wide Area Application Services | =5.1.1 | |
| Cisco Virtual Wide Area Application Services | =5.1.1-a | |
| Cisco Virtual Wide Area Application Services | =5.1.1-b | |
| Cisco Virtual Wide Area Application Services | =5.2 | |
| Cisco Virtual Wide Area Application Services | =4.0.1 | |
| Cisco Virtual Wide Area Application Services | =4.0.3 | |
| Cisco Virtual Wide Area Application Services | =4.0.5 | |
| Cisco Virtual Wide Area Application Services | =4.0.7 | |
| Cisco Virtual Wide Area Application Services | =4.0.9 | |
| Cisco Virtual Wide Area Application Services | =4.0.11 | |
| Cisco Virtual Wide Area Application Services | =4.0.13 | |
| Cisco Virtual Wide Area Application Services | =4.0.17 | |
| Cisco Virtual Wide Area Application Services | =4.0.19 | |
| Cisco Virtual Wide Area Application Services | =4.0.21 | |
| Cisco Virtual Wide Area Application Services | =4.0.23 | |
| Cisco Virtual Wide Area Application Services | =4.0.25 | |
| Cisco Virtual Wide Area Application Services | =4.0.27 | |
| Cisco Application and Content Networking Software | =4.1.3 | |
| Cisco Application and Content Networking Software | =4.2.3 | |
| Cisco Application and Content Networking Software | =4.2.5 | |
| Cisco Application and Content Networking Software | =4.2.7.3 | |
| Cisco Application and Content Networking Software | =4.2.9.3 | |
| Cisco Application and Content Networking Software | =4.2.11.5 | |
| Cisco Application and Content Networking Software | =4.2.13.1 | |
| Cisco Application and Content Networking Software | =5.0 | |
| Cisco Application and Content Networking Software | =5.0.1 | |
| Cisco Application and Content Networking Software | =5.0.3.5 | |
| Cisco Application and Content Networking Software | =5.0.5.9 | |
| Cisco Application and Content Networking Software | =5.0.7.10 | |
| Cisco Application and Content Networking Software | =5.0.9.9 | |
| Cisco Application and Content Networking Software | =5.0.11.6 | |
| Cisco Application and Content Networking Software | =5.0.13.2 | |
| Cisco Application and Content Networking Software | =5.0.15.1 | |
| Cisco Application and Content Networking Software | =5.0.17.6 | |
| Cisco Application and Content Networking Software | =5.1.1.3 | |
| Cisco Application and Content Networking Software | =5.1.3.15 | |
| Cisco Application and Content Networking Software | =5.1.5.2 | |
| Cisco Application and Content Networking Software | =5.1.7.7 | |
| Cisco Application and Content Networking Software | =5.1.9.5 | |
| Cisco Application and Content Networking Software | =5.1.11.6 | |
| Cisco Application and Content Networking Software | =5.1.13.7 | |
| Cisco Application and Content Networking Software | =5.1.15.5 | |
| Cisco Application and Content Networking Software | =5.4 | |
| Cisco Application and Content Networking Software | =5.4.1.10 | |
| Cisco Application and Content Networking Software | =5.4.3.17 | |
| Cisco Application and Content Networking Software | =5.4.5.7 | |
| Cisco Application and Content Networking Software | =5.4.7.3 | |
| Cisco Application and Content Networking Software | =5.5 | |
| Cisco Application and Content Networking Software | =5.5.1.7 | |
| Cisco Application and Content Networking Software | =5.5.3.1 | |
| Cisco Application and Content Networking Software | =5.5.5.4 | |
| Cisco Application and Content Networking Software | =5.5.7.7 | |
| Cisco Application and Content Networking Software | =5.5.9.9 | |
| Cisco Application and Content Networking Software | =5.5.11.2 | |
| Cisco Application and Content Networking Software | =5.5.13.7 | |
| Cisco Application and Content Networking Software | =5.5.15.2 | |
| Cisco Application and Content Networking Software | =5.5.17 | |
| Cisco Application and Content Networking Software | =5.5.19 | |
| Cisco Application and Content Networking Software | =5.5.21 | |
| Cisco Application and Content Networking Software | =5.5.23 | |
| Cisco Application and Content Networking Software | =5.5.25 | |
| Cisco Application and Content Networking Software | =5.5.27 | |
| Cisco Application and Content Networking Software | =5.5.29 | |
| Cisco Enterprise Content Delivery Network Software | =2.0 | |
| Cisco Enterprise Content Delivery Network Software | =2.5.3 | |
| Cisco Enterprise Content Delivery Network Software | =2.5.5 | |
| Cisco Videoscape Distribution Suite for Internet Streaming | =2.0 | |
| Cisco Videoscape Distribution Suite for Internet Streaming | =2.6 | |
| Cisco Videoscape Distribution Suite for Internet Streaming | =3.1 | |
| Cisco Internet Streamer Content Delivery System | =1.0.0 | |
| Cisco Internet Streamer Content Delivery System | =3.2.0 | |
| Cisco Internet Streamer Content Delivery System | =3.2.1 | |
| Cisco Videoscape Delivery System Origin Server | =1.0 | |
| Cisco Videoscape Distribution Suite Optimization Engine | =1.0.0 | |
| Cisco Videoscape Distribution Suite Service Broker | =1.0.0 | |
| Cisco Videoscape Distribution Suite Service Broker | =1.0.1 | |
| Cisco Videoscape Distribution Suite Service Broker | =1.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/54367
- http://secunia.com/advisories/54369
- http://secunia.com/advisories/54370
- http://secunia.com/advisories/54372
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm
- http://www.securityfocus.com/bid/61543
- http://www.securitytracker.com/id/1028852
- http://www.securitytracker.com/id/1028853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86122
Frequently Asked Questions
What is the severity of CVE-2013-3444?
CVE-2013-3444 has been rated as a medium severity vulnerability.
How do I fix CVE-2013-3444?
To mitigate CVE-2013-3444, upgrade to the latest patched version of affected Cisco products.
What products are affected by CVE-2013-3444?
CVE-2013-3444 affects various versions of Cisco WAAS Software, ACNS Software, ECDS Software, and CDS-IS Software.
When was CVE-2013-3444 disclosed?
CVE-2013-3444 was disclosed in 2013.
What impacts could CVE-2013-3444 have?
The vulnerability could allow an attacker to execute arbitrary commands on the affected system.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco virtual wide area application services
- version/cisco virtual wide area application services/4.1.1
- version/cisco virtual wide area application services/4.1.1-a
- version/cisco virtual wide area application services/4.1.1-b
- version/cisco virtual wide area application services/4.1.1-c
- version/cisco virtual wide area application services/4.1.1-d
- version/cisco virtual wide area application services/4.1.3
- version/cisco virtual wide area application services/4.1.3-a
- version/cisco virtual wide area application services/4.1.3-b
- version/cisco virtual wide area application services/4.1.5-a
- version/cisco virtual wide area application services/4.1.5-b
- version/cisco virtual wide area application services/4.1.5-c
- version/cisco virtual wide area application services/4.1.5-d
- version/cisco virtual wide area application services/4.1.5-e
- version/cisco virtual wide area application services/4.1.5-f
- version/cisco virtual wide area application services/4.1.5-g
- version/cisco virtual wide area application services/4.1.7
- version/cisco virtual wide area application services/4.1.7-a
- version/cisco virtual wide area application services/4.1.7-b
- version/cisco virtual wide area application services/4.3.1
- version/cisco virtual wide area application services/4.3.3
- version/cisco virtual wide area application services/4.3.5
- version/cisco virtual wide area application services/4.3.5-a
- version/cisco virtual wide area application services/5.0.1
- version/cisco virtual wide area application services/5.0.3
- version/cisco virtual wide area application services/5.0.3-a
- version/cisco virtual wide area application services/5.0.3-c
- version/cisco virtual wide area application services/5.0.3-d
- version/cisco virtual wide area application services/4.2.1
- version/cisco virtual wide area application services/4.2.3
- version/cisco virtual wide area application services/4.2.3-a
- version/cisco virtual wide area application services/4.2.3-b
- version/cisco virtual wide area application services/4.2.3-c
- version/cisco virtual wide area application services/4.4.1
- version/cisco virtual wide area application services/4.4.3
- version/cisco virtual wide area application services/4.4.3-a
- version/cisco virtual wide area application services/4.4.3-b
- version/cisco virtual wide area application services/4.4.3-c
- version/cisco virtual wide area application services/4.4.5
- version/cisco virtual wide area application services/4.4.5-a
- version/cisco virtual wide area application services/4.4.5-b
- version/cisco virtual wide area application services/4.4.5-c
- version/cisco virtual wide area application services/4.4.5-d
- version/cisco virtual wide area application services/4.4.7
- version/cisco virtual wide area application services/5.1.1
- version/cisco virtual wide area application services/5.1.1-a
- version/cisco virtual wide area application services/5.1.1-b
- version/cisco virtual wide area application services/5.2
- version/cisco virtual wide area application services/4.0.1
- version/cisco virtual wide area application services/4.0.3
- version/cisco virtual wide area application services/4.0.5
- version/cisco virtual wide area application services/4.0.7
- version/cisco virtual wide area application services/4.0.9
- version/cisco virtual wide area application services/4.0.11
- version/cisco virtual wide area application services/4.0.13
- version/cisco virtual wide area application services/4.0.17
- version/cisco virtual wide area application services/4.0.19
- version/cisco virtual wide area application services/4.0.21
- version/cisco virtual wide area application services/4.0.23
- version/cisco virtual wide area application services/4.0.25
- version/cisco virtual wide area application services/4.0.27
- canonical/cisco application and content networking software
- version/cisco application and content networking software/4.1.3
- version/cisco application and content networking software/4.2.3
- version/cisco application and content networking software/4.2.5
- version/cisco application and content networking software/4.2.7.3
- version/cisco application and content networking software/4.2.9.3
- version/cisco application and content networking software/4.2.11.5
- version/cisco application and content networking software/4.2.13.1
- version/cisco application and content networking software/5.0
- version/cisco application and content networking software/5.0.1
- version/cisco application and content networking software/5.0.3.5
- version/cisco application and content networking software/5.0.5.9
- version/cisco application and content networking software/5.0.7.10
- version/cisco application and content networking software/5.0.9.9
- version/cisco application and content networking software/5.0.11.6
- version/cisco application and content networking software/5.0.13.2
- version/cisco application and content networking software/5.0.15.1
- version/cisco application and content networking software/5.0.17.6
- version/cisco application and content networking software/5.1.1.3
- version/cisco application and content networking software/5.1.3.15
- version/cisco application and content networking software/5.1.5.2
- version/cisco application and content networking software/5.1.7.7
- version/cisco application and content networking software/5.1.9.5
- version/cisco application and content networking software/5.1.11.6
- version/cisco application and content networking software/5.1.13.7
- version/cisco application and content networking software/5.1.15.5
- version/cisco application and content networking software/5.4
- version/cisco application and content networking software/5.4.1.10
- version/cisco application and content networking software/5.4.3.17
- version/cisco application and content networking software/5.4.5.7
- version/cisco application and content networking software/5.4.7.3
- version/cisco application and content networking software/5.5
- version/cisco application and content networking software/5.5.1.7
- version/cisco application and content networking software/5.5.3.1
- version/cisco application and content networking software/5.5.5.4
- version/cisco application and content networking software/5.5.7.7
- version/cisco application and content networking software/5.5.9.9
- version/cisco application and content networking software/5.5.11.2
- version/cisco application and content networking software/5.5.13.7
- version/cisco application and content networking software/5.5.15.2
- version/cisco application and content networking software/5.5.17
- version/cisco application and content networking software/5.5.19
- version/cisco application and content networking software/5.5.21
- version/cisco application and content networking software/5.5.23
- version/cisco application and content networking software/5.5.25
- version/cisco application and content networking software/5.5.27
- version/cisco application and content networking software/5.5.29
- canonical/cisco enterprise content delivery network software
- version/cisco enterprise content delivery network software/2.0
- version/cisco enterprise content delivery network software/2.5.3
- version/cisco enterprise content delivery network software/2.5.5
- canonical/cisco videoscape distribution suite for internet streaming
- version/cisco videoscape distribution suite for internet streaming/2.0
- version/cisco videoscape distribution suite for internet streaming/2.6
- version/cisco videoscape distribution suite for internet streaming/3.1
- canonical/cisco internet streamer content delivery system
- version/cisco internet streamer content delivery system/1.0.0
- version/cisco internet streamer content delivery system/3.2.0
- version/cisco internet streamer content delivery system/3.2.1
- canonical/cisco videoscape delivery system origin server
- version/cisco videoscape delivery system origin server/1.0
- canonical/cisco videoscape distribution suite optimization engine
- version/cisco videoscape distribution suite optimization engine/1.0.0
- canonical/cisco videoscape distribution suite service broker
- version/cisco videoscape distribution suite service broker/1.0.0
- version/cisco videoscape distribution suite service broker/1.0.1
- version/cisco videoscape distribution suite service broker/1.1.0