RCE in Cisco Content_security_management
CVE-2013-3384
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.005 (66.8th percentile) — read the EPSS interpretation.
Affected products
- Cisco Content_security_management
- Cisco Email_security_appliance_firmware
- Cisco Ironport_asyncos — versions 7.2, 7.3, 7.5
- Cisco Web_security_appliance
- N/a — versions n/a
Weakness classification (CWE)
References
- 20130626 Multiple Vulnerabilities in Cisco Web Security Appliance (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 20130626 Multiple Vulnerabilities in Cisco Content Security Management Appliance (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 20130626 Multiple Vulnerabilities in Cisco Email Security Appliance (x_refsource_CISCO, vendor-advisory, Vendor Advisory)