CVE-2013-5554

Published Nov 8, 2013

Last updated 11 years ago

CVSS info 7.5

Overview

Description: Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC6922A4-A805-4AA3-8BC0-D852D245B89C",
            "versionEndIncluding": "3.5.4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC1E77B1-4275-4864-9667-09C8C482CD78"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "343B627C-CDC3-404C-95E0-CB38521A79C4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C38EF58-5909-4B11-A734-2AB2900B9749"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "045AEB4A-5B64-4BA4-A27E-A54571164DB4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F2A464D-897A-4F76-8BD1-EC55BC9B7EE7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F0107C9-03B0-411E-B9B9-0F3A562FFBB9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14479749-E6B7-488E-AABA-844A92561CB9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E960EF84-3D57-4412-9C33-F5BE0A81DCAC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:wide_area_application_services_mobile:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAED83F4-EB96-4276-9FED-7F36855C818F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References