Vulnerability Details: CVE-2013-3444
The web framework in Cisco WAAS Software before 4.x and 5.x before 5.0.3e, 5.1.x before 5.1.1c, and 5.2.x before 5.2.1; Cisco ACNS Software 4.x and 5.x before 5.5.29.2; Cisco ECDS Software 2.x before 2.5.6; Cisco CDS-IS Software 2.x before 2.6.3.b50 and 3.1.x before 3.1.2b54; Cisco VDS-IS Software 3.2.x before 3.2.1.b9; Cisco VDS-SB Software 1.x before 1.1.0-b96; Cisco VDS-OE Software 1.x before 1.0.1; and Cisco VDS-OS Software 1.x in central-management mode allows remote authenticated users to execute arbitrary commands by appending crafted strings to values in GUI fields, aka Bug IDs CSCug40609, CSCug48855, CSCug48921, CSCug48872, CSCuh21103, CSCuh21020, and CSCug56790.
Products affected by CVE-2013-3444
- cpe:2.3:a:cisco:wide_area_application_services:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.0.27:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.1:d:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.3:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:f:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:g:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.1:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.1:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:d:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:e:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.1:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.7:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.3:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.5:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.1.7:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.2.3:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.2.3:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.2.3:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.3.5:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.5:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.5:d:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.5:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.5:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.3:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.3:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.3:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:4.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.0.3:d:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.0.3:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.0.3:c:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1.1:b:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.1.1:a:*:*:*:*:*:*
- cpe:2.3:a:cisco:wide_area_application_services:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:internet_streamer_content_delivery_system:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:internet_streamer_content_delivery_system:2.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:internet_streamer_content_delivery_system:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_delivery_system_for_internet_streamer:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_distribution_suite_service_broker:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_distribution_suite_optimization_engine:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:videoscape_delivery_system_origin_server:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.11.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.17.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.15.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.27:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.29:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:4.2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.4.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_and_content_networking_system_software:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:enterprise_content_delivery_network_software:2.5.5:*:*:*:*:*:*:*
Threat overview for CVE-2013-3444
Top open port discovered on systems with this issue: 22
IPs affected by CVE-2013-3444: 1
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-3444
EPSS score: 0.50% (probability of exploitation activity in the next 30 days)
Percentile: ~76% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-3444
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST | |
CWE ids for CVE-2013-3444
- The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3444
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm
  Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products (Vendor Advisory)
- http://www.securitytracker.com/id/1028852
  Cisco Application and Content Networking System Web Interface Bug Lets Remote Authenticated Users Execute Arbitrary Commands - SecurityTracker
- http://www.securityfocus.com/bid/61543
  Multiple Cisco Content Network and Video Delivery Products Command Injection Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86122
  Multiple Cisco content network and video delivery products framework command execution CVE-2013-3444 Vulnerability Report
- http://www.securitytracker.com/id/1028853
  Cisco Wide Area Application Services Web Interface Bug Lets Remote Authenticated Users Execute Arbitrary Commands - SecurityTracker