var-201306-0166
Vulnerability from variot
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with elevated privileges in context of the affected application. This issue being tracked by Cisco bug ID CSCzv69294. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. This vulnerability stems from the failure to correctly filter the special URL submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "ironport asyncos",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.7.0-550"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "asyncos",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "asyncos",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.0-838"
},
{
"model": "web security the appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ironport asyncos",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.1.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ironport_asyncos:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ironport_asyncos:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ironport_asyncos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3383"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "60804"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3383",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-3383",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-63385",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3383",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-501",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-63385",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63385"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands with elevated privileges in context of the affected application. \nThis issue being tracked by Cisco bug ID CSCzv69294. The appliance provides SaaS-based access control, real-time network reporting and tracking, and security policy formulation. This vulnerability stems from the failure to correctly filter the special URL submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "BID",
"id": "60804"
},
{
"db": "VULHUB",
"id": "VHN-63385"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3383",
"trust": 2.8
},
{
"db": "BID",
"id": "60804",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130626 MULTIPLE VULNERABILITIES IN CISCO WEB SECURITY APPLIANCE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63385",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63385"
},
{
"db": "BID",
"id": "60804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"id": "VAR-201306-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63385"
}
],
"trust": 0.6588235
},
"last_update_date": "2023-12-18T13:09:31.340000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "29452",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewambalert.x?alertid=29452"
},
{
"title": "cisco-sa-20130626-wsa",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130626-wsa"
},
{
"title": "29746",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29746"
},
{
"title": "cisco-sa-20130626-sma",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/jp/111/1118/1118426_cisco-sa-20130626-sma-j.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63385"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130626-wsa"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3383"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3383"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/60804"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63385"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63385"
},
{
"db": "BID",
"id": "60804"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-63385"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60804"
},
{
"date": "2013-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"date": "2013-06-27T21:55:06.987000",
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"date": "2013-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-63385"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60804"
},
{
"date": "2013-07-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003152"
},
{
"date": "2013-06-28T04:00:00",
"db": "NVD",
"id": "CVE-2013-3383"
},
{
"date": "2013-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Web Security Runs on the appliance device AsyncOS Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003152"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-501"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.