CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3383

The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL sent over IPv4, aka Bug ID CSCzv69294.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 72.0%

CVSS Severity

CVSS v2 Score 9.0

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa

Products affected by CVE-2013-3383

Cisco » Web Security Appliance » Version: N/A

cpe:2.3:h:cisco:web_security_appliance:-
Cisco » Ironport Asyncos » Version: Any

cpe:2.3:o:cisco:ironport_asyncos:*
Cisco » Ironport Asyncos » Version: 7.5

cpe:2.3:o:cisco:ironport_asyncos:7.5
Cisco » Ironport Asyncos » Version: 7.7

cpe:2.3:o:cisco:ironport_asyncos:7.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3383

Products

Pricing

Contact Us