Cisco WAAS (Wide Area Application Services) Arbitrary Code Execution Vulnerabilities

ID: IRCAD2013082821
Release Date: 2013-08-01
Criticality level: Highly critical
 
Software:
Cisco WAAS (Wide Area Application Services) 4.x
 
Description:
Two vulnerabilities have been reported in Cisco WAAS (Wide Area Application Services), which can be exploited by malicious users and malicious people to compromise a vulnerable system.
1) An error within the web service framework can be exploited to execute arbitrary code via a specially crafted POST request.
Successful exploitation of this vulnerability requires the device to be configured as Central Manager.
2) An error within the web framework can be exploited to inject and execute arbitrary commands.
Successful exploitation of this vulnerability requires the device to be configured to run in central management mode.
The vulnerabilities are reported in 4.x versions later than 4.2.1.
 
Solution:
Upgrade to version 5.0.3e, 5.1.1c, or 5.2.1.
 
References:
 
Secunia:
 

Date created: 14 Mordad 1392