Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAndrea Micalizzi aka rgodZDI-13-276
HistoryDec 15, 2013 - 12:00 a.m.

Cisco WAAS Mobile Server ReportReceiver CAB Processing Remote Code Execution Vulnerability

2013-12-1500:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
13

EPSS

0.187

Percentile

96.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CISCO WAAS Mobile Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of CAB files uploaded through ReportReceiver. By uploading a crafted CAB file, an attacker is able to add a hostile web page to the web server. Using this, an attacker is able to run arbitrary code as either DefaultAppPool or NetworkService, depending on the operating system version.

Related

cve 1
cisco 1
prion 1
cvelist 1
securityvulns 1
nvd 1
nessus 1
cve
cve
CVE-2013-5554
2013-11-08 04:47:23
cisco
cisco
Cisco WAAS Mobile Remote Code Execution Vulnerability
2013-11-06 16:00:00
prion
prion
Directory traversal
2013-11-08 04:47:00
cvelist
cvelist
CVE-2013-5554
2013-11-08 02:00:00
securityvulns
securityvulns
Cisco WAAS directory traversal
2013-11-18 00:00:00
nvd
nvd
CVE-2013-5554
2013-11-08 04:47:23
nessus
nessus
Cisco WAAS Mobile Server < 3.5.5 Remote Code Execution
2014-01-07 00:00:00

EPSS

0.187

Percentile

96.3%

JSON
Related for ZDI-13-276
cve1cisco1prion1cvelist1securityvulns1nvd1nessus1