Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Authenticated Command Injection Vulnerability in Multiple Cisco Content Network and Video Delivery Products

cisco-sa-20130731-cm · Critical · Published · Updated

Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, remote attacker to execute arbitrary code on the affected system and on the devices managed by the affected system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-cm

Cisco advisory · CSAF JSON

Workarounds

There is no workaround that mitigates this vulnerability.

CVEsCVE-2013-3444
Cisco Bug IDsCSCug40609, CSCug48855, CSCug48872, CSCug48921, CSCug56790, CSCuh21020, CSCuh21103
CVSS ScoreBase 9.0
Base 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Application and Content Networking System (ACNS) Software, Cisco Wide Area Application Services (WAAS), Cisco Internet Streamer Content Delivery System (CDS-IS), Cisco Enterprise Content Delivery System (ECDS), Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS), Cisco Videoscape Distribution Suite Service Broker, Cisco Videoscape Distribution Suite Optimization Engine (VDS-OE), Cisco Videoscape Distribution Suite Origin Server, Cisco Internet Streamer Content Delivery System (CDS)

Related Products

Product CVE Evidence
Cisco Wide Area Application Services (WAAS) CVE-2013-3444 Cisco OpenVuln
Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) CVE-2013-3444 Cisco OpenVuln
Cisco Videoscape Distribution Suite Service Broker CVE-2013-3444 Cisco OpenVuln
Cisco Videoscape Distribution Suite Origin Server CVE-2013-3444 Cisco OpenVuln
Cisco Videoscape Distribution Suite Optimization Engine (VDS-OE) CVE-2013-3444 Cisco OpenVuln
Cisco Internet Streamer Content Delivery System (CDS-IS) CVE-2013-3444 Cisco OpenVuln
Cisco Internet Streamer Content Delivery System (CDS) CVE-2013-3444 Cisco OpenVuln
Cisco Enterprise Content Delivery System (ECDS) CVE-2013-3444 Cisco OpenVuln
Cisco Application and Content Networking System (ACNS) Software CVE-2013-3444 Cisco OpenVuln
Application and Content Networking System (ACNS) Software CVE-2013-3444 Cisco OpenVuln