CVE-2013-3443

Cisco Wide Area Application Services 4.x-5.2.x - Remote Code Execution via Crafted POST Request

Title source: llm
STIX 2.1

Description

The web service framework in Cisco WAAS Software 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1 in a Central Manager (CM) configuration allows remote attackers to execute arbitrary code via a crafted POST request, aka Bug ID CSCuh26626.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028851
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54367
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61542
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54372
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86121
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/95877

Scores

EPSS 0.0600
EPSS Percentile 92.5%

Details

CWE
CWE-20
Status published
Products (25)
cisco/wide_area_application_services 4.0.1
cisco/wide_area_application_services 4.0.3
cisco/wide_area_application_services 4.0.5
cisco/wide_area_application_services 4.0.7
cisco/wide_area_application_services 4.0.9
cisco/wide_area_application_services 4.0.11
cisco/wide_area_application_services 4.0.13
cisco/wide_area_application_services 4.0.17
cisco/wide_area_application_services 4.0.19
cisco/wide_area_application_services 4.0.21
... and 15 more
Published Aug 01, 2013
Tracked Since Feb 18, 2026