Lucene search

CiscoCISCO-SA-20131106-WAASM

HistoryNov 06, 2013 - 4:00 p.m.

Cisco WAAS Mobile Remote Code Execution Vulnerability

2013-11-0616:00:00

tools.cisco.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.187

Percentile

96.3%

JSON

Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server.

Cisco has released software updates that address this vulnerability.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm”]

Affected configurations

Vulners

Node

ciscowide_area_application_services_mobileMatchany

VendorProductVersionCPE
ciscowide_area_application_services_mobileanycpe:2.3:a:cisco:wide_area_application_services_mobile:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	wide_area_application_services_mobile	any	cpe:2.3:a:cisco:wide_area_application_services_mobile:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.187

Percentile

96.3%

JSON

Related for CISCO-SA-20131106-WAASM