Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)

high Nessus Plugin ID 69079

Synopsis

The remote security appliance is missing a vendor-supplied patch.

Description

According to its self-reported version, the version of Cisco Content Security Management Appliance running on the remote host has the following vulnerabilities :

- An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384)

- A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.
(CVE-2013-3385)

- A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)

Solution

Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-sma.

See Also

http://www.nessus.org/u?721fa320

Plugin Details

Severity: High

ID: 69079

File Name: cisco-sa-20130626-sma.nasl

Version: 1.5

Type: local

Family: CISCO

Published: 7/26/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:cisco:content_security_management_appliance

Required KB Items: Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion, Host/AsyncOS/Cisco Content Security Management Appliance/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2013

Vulnerability Publication Date: 6/26/2013

Reference Information

CVE: CVE-2013-3384, CVE-2013-3385, CVE-2013-3386

BID: 60805, 60806, 60807