Executive Summary
Summary | |
---|---|
Title | Cisco WAAS Mobile Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20131106-waasm | First vendor Publication | 2013-11-06 |
Vendor | Cisco | Last vendor Modification | 2013-11-06 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Wide Area Application Services (WAAS) Mobile contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the Cisco WAAS Mobile server with the privileges of the Microsoft Internet Information Services (IIS) web server. Cisco has released free software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iFcDBQFSekRGUddfH3/BbToRCN00AQCADPIVyRY3IlQWUP8airNTGgvEoUSldfEV 7PSc77PgsQD+NAhj1b/5GuHgYgGGGB3ue79dG6wNmAkkb48RJ5Eehs8= =C2oN END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-01-07 | Name : An application on the remote host is affected by a remote code execution vuln... File : cisco_waas_3_5_5.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:12 |
|
2013-11-08 21:29:18 |
|
2013-11-07 00:20:01 |
|