Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)

critical Nessus Plugin ID 69082

Synopsis

The remote security appliance is missing a vendor-supplied patch.

Description

According to its self-reported version, the version of Cisco Web Security Appliance running on the remote host has the following vulnerabilities :

- Multiple unspecified vulnerabilities exist in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands.
(CVE-2013-3383, CVE-2013-3384)

- A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.
(CVE-2013-3385)

Solution

Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20130626-wsa.

See Also

http://www.nessus.org/u?4ce4facb

Plugin Details

Severity: Critical

ID: 69082

File Name: cisco-sa-20130626-wsa.nasl

Version: 1.8

Type: local

Family: CISCO

Published: 7/26/2013

Updated: 5/20/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2013-3383

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:cisco:web_security_appliance, cpe:/a:cisco:web_security_appliance, cpe:/o:cisco:web_security_appliance, cpe:/o:cisco:asyncos

Required KB Items: Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion, Host/AsyncOS/Cisco Web Security Appliance/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2013

Vulnerability Publication Date: 6/26/2013

Reference Information

CVE: CVE-2013-3383, CVE-2013-3384, CVE-2013-3385

BID: 60805, 60807, 60804