{"id": "SECURITYVULNS:VULN:13184", "bulletinFamily": "software", "title": "Cisco Email Security / Web Security / Content Security multiple security vulnerabilities", "description": "Code execution, DoS.", "published": "2013-07-15T00:00:00", "modified": "2013-07-15T00:00:00", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13184", "reporter": "CISCO", "references": [], "cvelist": ["CVE-2013-3385", "CVE-2013-3384", "CVE-2013-3386"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:52", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "b2667c2b97a90468036882bd4f8c7fb5"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2b982e10bef51f2f06fb60227bb5e47b"}, {"key": "cvss", "hash": "4ea840ff73b6affb0ff1787d26923e0e"}, {"key": "description", "hash": "e97e9f8f58c0ea17a5fa4a218a5b1944"}, {"key": "href", "hash": "48628493aae8175a3dac6844a8498583"}, {"key": "modified", "hash": "c744c6d15c5ed33c64888ee18ab3c93d"}, {"key": "published", "hash": "c744c6d15c5ed33c64888ee18ab3c93d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "2e9d0015563e8f6c3614c219c759934c"}, {"key": "title", "hash": "b478b805ecd862726abb067b5c9cc646"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "936e7de01ed5e0e9d2d30008529d68f4102045b1a4b152eed59a6ec2de3c7517", "viewCount": 0, "enchantments": {"score": {"value": 9.3, "vector": "NONE", "modified": "2018-08-31T11:09:52"}, "vulnersScore": 9.3}, "objectVersion": "1.3", "affectedSoftware": [{"name": "IronPort AsyncOS", "operator": "eq", "version": "7.9"}]}

{"cve": [{"lastseen": "2016-09-03T18:34:32", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"], "edition": 1, "description": "The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (service crash or hang) via a high rate of TCP connection attempts, aka Bug IDs CSCzv25573 and CSCzv81712.", "reporter": "NVD", "published": "2013-06-27T17:55:07", "title": "CVE-2013-3386", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-3386"], "scanner": [], "modified": "2013-06-28T14:40:32", "cpe": ["cpe:/o:cisco:ironport_asyncos:7.3", "cpe:/o:cisco:ironport_asyncos:7.6", "cpe:/o:cisco:ironport_asyncos:7.5", "cpe:/o:cisco:ironport_asyncos:7.9", "cpe:/o:cisco:ironport_asyncos:8.0", "cpe:/o:cisco:ironport_asyncos:7.1.5"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3386", "id": "CVE-2013-3386", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:34:32", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"], "edition": 1, "description": "The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote attackers to cause a denial of service (system hang) via a series of (1) HTTP or (2) HTTPS requests to a management interface, aka Bug IDs CSCzv58669, CSCzv63329, and CSCzv78669.", "reporter": "NVD", "published": "2013-06-27T17:55:07", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2013-3385", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-3385"], "scanner": [], "modified": "2013-06-28T14:35:16", "cpe": ["cpe:/o:cisco:ironport_asyncos:7.7", "cpe:/o:cisco:ironport_asyncos:7.2", "cpe:/o:cisco:ironport_asyncos:7.3", "cpe:/o:cisco:ironport_asyncos:7.6", "cpe:/o:cisco:ironport_asyncos:7.5", "cpe:/o:cisco:ironport_asyncos:7.9", "cpe:/o:cisco:ironport_asyncos:7.1.3", "cpe:/o:cisco:ironport_asyncos:7.8"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3385", "id": "CVE-2013-3385", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T18:34:30", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"], "edition": 1, "description": "The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management Appliance devices before 7.2.2-110, 7.7 before 7.7.0-213, and 7.8 and 7.9 before 7.9.1-102 allows remote authenticated users to execute arbitrary commands via crafted command-line input in a URL, aka Bug IDs CSCzv85726, CSCzv44633, and CSCzv24579.", "reporter": "NVD", "published": "2013-06-27T17:55:07", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "CVE-2013-3384", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-3384"], "scanner": [], "modified": "2013-06-28T14:26:36", "cpe": ["cpe:/o:cisco:ironport_asyncos:7.7", "cpe:/o:cisco:ironport_asyncos:7.2", "cpe:/o:cisco:ironport_asyncos:7.3", "cpe:/o:cisco:ironport_asyncos:7.6", "cpe:/o:cisco:ironport_asyncos:7.5", "cpe:/o:cisco:ironport_asyncos:7.9", "cpe:/o:cisco:ironport_asyncos:7.1.3", "cpe:/o:cisco:ironport_asyncos:7.8"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3384", "id": "CVE-2013-3384", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:51:38", "references": ["http://www.nessus.org/u?dab68fde"], "pluginID": "69079", "description": "According to its self-reported version, the version of Cisco Content Security Management Appliance running on the remote host has the following vulnerabilities :\n\n - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.\n (CVE-2013-3385)\n\n - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)", "edition": 5, "reporter": "Tenable", "published": "2013-07-26T00:00:00", "title": "Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3385", "CVE-2013-3384", "CVE-2013-3386"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/h:cisco:content_security_management_appliance"], "id": "CISCO-SA-20130626-SMA.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69079", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69079);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/06 11:26:05\");\n\n script_cve_id(\"CVE-2013-3384\", \"CVE-2013-3385\", \"CVE-2013-3386\");\n script_bugtraq_id(60805, 60806, 60807);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv24579\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv78669\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv81712\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20130626-sma\");\n\n script_name(english:\"Multiple Vulnerabilities in Cisco Content Security Management Appliance (cisco-sa-20130626-sma)\");\n script_summary(english:\"Checks SMA version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote security appliance is missing a vendor-supplied patch.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the version of Cisco Content\nSecurity Management Appliance running on the remote host has the\nfollowing vulnerabilities :\n\n - An unspecified vulnerability exists in the web framework\n that could allow a remote, authenticated attacker to\n execute arbitrary commands. (CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web\n framework that could allow a remote, unauthenticated\n attacker to make the system unresponsive.\n (CVE-2013-3385)\n\n - A denial of service vulnerability exists in the\n management GUI that could allow a remote,\n unauthenticated attacker to make the system\n unresponsive. (CVE-2013-3386)\"\n );\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dab68fde\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant update referenced in Cisco Security Advisory\ncisco-sa-20130626-sma.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:content_security_management_appliance\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_sma_version.nasl\");\n script_require_keys(\"Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion\", \"Host/AsyncOS/Cisco Content Security Management Appliance/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ndisplay_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Content Security Management Appliance/DisplayVersion');\nver = get_kb_item_or_exit('Host/AsyncOS/Cisco Content Security Management Appliance/Version');\n\nif (ver =~ \"^[0-6]\\.\" || ver =~ \"^7\\.[012]\\.\") # 7.2 and earlier\n display_fix = '7.9.1-102';\nelse if (ver =~ \"^7\\.7\\.\")\n display_fix = '7.9.1-102';\nelse if (ver =~ \"^7\\.8\\.\")\n display_fix = '7.9.1-102';\nelse if (ver =~ \"^7\\.9\\.\")\n display_fix = '7.9.1-102';\nelse if (ver =~ \"^8\\.0\\.\")\n display_fix = '8.0.0-404';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco SMA', display_ver);\n\nfix = str_replace(string:display_fix, find:'-', replace:'.');\n\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco SMA', display_ver);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + display_ver +\n '\\n Fixed version : ' + display_fix + '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:13", "references": ["http://www.nessus.org/u?ea95ea71"], "pluginID": "69076", "description": "According to its self-reported version, the Cisco AsyncOS running on the remote Cisco Email Security (ESA) appliance is affected by multiple vulnerabilities :\n\n - An unspecified vulnerability exists in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands. (CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.\n (CVE-2013-3385)\n\n - A denial of service vulnerability exists in the management GUI that could allow a remote, unauthenticated attacker to make the system unresponsive. (CVE-2013-3386)", "edition": 7, "reporter": "Tenable", "published": "2013-07-26T00:00:00", "title": "Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3385", "CVE-2013-3384", "CVE-2013-3386"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:cisco:email_security_appliance_firmware", "cpe:/h:cisco:email_security_appliance"], "id": "CISCO-SA-20130626-ESA.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69076);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/06 11:26:05\");\n\n script_cve_id(\"CVE-2013-3384\", \"CVE-2013-3385\", \"CVE-2013-3386\");\n script_bugtraq_id(60805, 60806, 60807);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv25573\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv44633\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv63329\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20130626-esa\");\n\n script_name(english:\"Multiple Vulnerabilities in Cisco Email Security Appliance (cisco-sa-20130626-esa)\");\n script_summary(english:\"Checks ESA version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote security appliance is missing a vendor-supplied security\npatch.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the Cisco AsyncOS running on\nthe remote Cisco Email Security (ESA) appliance is affected by\nmultiple vulnerabilities :\n\n - An unspecified vulnerability exists in the web framework\n that could allow a remote, authenticated attacker to\n execute arbitrary commands. (CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web\n framework that could allow a remote, unauthenticated\n attacker to make the system unresponsive.\n (CVE-2013-3385)\n\n - A denial of service vulnerability exists in the\n management GUI that could allow a remote,\n unauthenticated attacker to make the system\n unresponsive. (CVE-2013-3386)\"\n );\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea95ea71\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant update referenced in Cisco Security Advisory\ncisco-sa-20130626-esa.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:email_security_appliance\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:email_security_appliance_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_esa_version.nasl\");\n script_require_keys(\"Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion\", \"Host/AsyncOS/Cisco Email Security Appliance/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ndisplay_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/DisplayVersion');\nver = get_kb_item_or_exit('Host/AsyncOS/Cisco Email Security Appliance/Version');\n\nif (ver =~ \"^[0-6]\\.\" || ver =~ \"^7\\.[01]\\.\") # 7.1 and prior\n display_fix = '7.1.5-106';\nelse if (ver =~ \"^7\\.3\\.\")\n display_fix = '8.0.0-671';\nelse if (ver =~ \"^7\\.5\\.\")\n display_fix = '7.6.3-019';\nelse if (ver =~ \"^7\\.6\\.\")\n display_fix = '7.6.3-019';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver);\n\nfix = str_replace(string:display_fix, find:'-', replace:'.');\n\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ESA', display_ver);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + display_ver +\n '\\n Fixed version : ' + display_fix + '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:34:51", "references": ["http://www.nessus.org/u?6ec44227"], "pluginID": "69082", "description": "According to its self-reported version, the version of Cisco Web Security Appliance running on the remote host has the following vulnerabilities :\n\n - Multiple unspecified vulnerabilities exist in the web framework that could allow a remote, authenticated attacker to execute arbitrary commands.\n (CVE-2013-3383, CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web framework that could allow a remote, unauthenticated attacker to make the system unresponsive.\n (CVE-2013-3385)", "edition": 5, "reporter": "Tenable", "published": "2013-07-26T00:00:00", "title": "Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CISCO", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3385", "CVE-2013-3384", "CVE-2013-3383"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/h:cisco:web_security_appliance"], "id": "CISCO-SA-20130626-WSA.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69082);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/06 11:26:05\");\n\n script_cve_id(\"CVE-2013-3383\", \"CVE-2013-3384\", \"CVE-2013-3385\");\n script_bugtraq_id(60804, 60805, 60807);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv58669\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv69294\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCzv85726\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20130626-wsa\");\n\n script_name(english:\"Multiple Vulnerabilities in Cisco Web Security Appliance (cisco-sa-20130626-wsa)\");\n script_summary(english:\"Checks WSA version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote security appliance is missing a vendor-supplied patch.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its self-reported version, the version of Cisco Web\nSecurity Appliance running on the remote host has the following\nvulnerabilities :\n\n - Multiple unspecified vulnerabilities exist in the web\n framework that could allow a remote, authenticated\n attacker to execute arbitrary commands.\n (CVE-2013-3383, CVE-2013-3384)\n\n - A denial of service vulnerability exists in the web\n framework that could allow a remote, unauthenticated\n attacker to make the system unresponsive.\n (CVE-2013-3385)\"\n );\n # http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ec44227\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Apply the relevant update referenced in Cisco Security Advisory\ncisco-sa-20130626-wsa.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:cisco:web_security_appliance\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"cisco_wsa_version.nasl\");\n script_require_keys(\"Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion\", \"Host/AsyncOS/Cisco Web Security Appliance/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\ndisplay_ver = get_kb_item_or_exit('Host/AsyncOS/Cisco Web Security Appliance/DisplayVersion');\nver = get_kb_item_or_exit('Host/AsyncOS/Cisco Web Security Appliance/Version');\n\nif (ver =~ \"^[0-6]\\.\" || ver =~ \"^7\\.[01]\\.\") # 7.1 and prior\n display_fix = '7.1.3-033';\nelse if (ver =~ \"^7\\.5\\.\")\n display_fix = '7.5.0-838';\nelse if (ver =~ \"^7\\.7\\.\")\n display_fix = '7.7.0-602';\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco WSA', display_ver);\n\nfix = str_replace(string:display_fix, find:'-', replace:'.');\n\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) >= 0)\n audit(AUDIT_INST_VER_NOT_VULN, 'Cisco WSA', display_ver);\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + display_ver +\n '\\n Fixed version : ' + display_fix + '\\n';\n security_hole(port:0, extra:report);\n}\nelse security_hole(0);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2017-09-26T15:34:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa"], "description": "A vulnerability in the Graphical User Interface (GUI) function in the web framework code could allow an unauthenticated,\nremote attacker to cause multiple processes to become unresponsive, resulting in a denial of service condition.\n\nThe vulnerability is due to\nimproper handling, processing and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by\nsending multiple HTTP or HTTPS requests to any management enabled interfaces of\nthe affected system. A full TCP three-way handshake is required to\nexploit this vulnerability. An exploit could allow the attacker prevent management access via the GUI and cause other critical process to become unresponsive, resulting in a denial of service condition. A hard reboot of the affected system is needed to restore full functionality.\n\nA vulnerability in the IronPort Spam Quarantine (ISQ) function in the web framework code could allow an unauthenticated,\nremote attacker to cause multiple critical processes to become unresponsive, resulting in a denial of service condition.\n\nThe vulnerability is due to\nimproper handling and processing of TCP connection requests\nsent at high rate. An attacker could exploit this vulnerability by\na sending sequence of TCP requests to the ISQ service port that is open on the ISQ-enabled interfaces of\nthe affected system. A full TCP three-way handshake is required to\nexploit this vulnerability. An successful exploit could allow the attacker to crash\nor make unresponsive the ISQ service and cause other critical processes to become unresponsive, resulting in a denial of service condition. A hard reboot of the affected system is needed to restore full functionality.\n\nA vulnerability in the web framework code could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. \n\nThe vulnerability is due to a failure to properly sanitize user supplied input that is subsequently utilized to perform an action that leverages the underlying command-line interface of the device. An authenticated but unprivileged attacker could exploit this vulnerability by sending a crafted URL to the affected system, or by convincing a valid user to click on a malicious URL. A successful exploit could allow an attacker with sufficient knowledge to take complete control of the affected device.\n\nCisco IronPort AsyncOS Software for Cisco Email Security Appliance is affected by the following vulnerabilities:\n\n Web Framework Authenticated Command Injection Vulnerability \n IronPort Spam Quarantine Denial of Service Vulnerability\n Management GUI Denial of Service Vulnerability \n\n \n\nSuccessful\nexploitation of the Web Framework Authenticated Command Injection Vulnerability could allow an authenticated,\nremote attacker to execute arbitrary commands on the underlying\noperating system with elevated privileges. \n\nSuccessful\nexploitation of either of the two denial of service vulnerabilities may\ncause several critical processes to become unresponsive and make the\naffected system unstable.\n\nCisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa\"]", "reporter": "Cisco", "published": "2013-06-26T16:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco Email Security Appliance", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Web Security Appliance (WSA)", "version": "any", "operator": "eq"}, {"name": "Cisco Email Security Appliance (ESA)", "version": "any", "operator": "eq"}, {"name": "Cisco Content Security Management Appliance (SMA)", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2013-3384", "CVE-2013-3385", "CVE-2013-3386"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2013-06-27T13:41:52", "id": "CISCO-SA-20130626-ESA", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-esa", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-26T15:34:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma"], "description": "A vulnerability in the Graphical User Interface (GUI) function in the web framework code could allow an unauthenticated,\nremote attacker to cause multiple processes to become unresponsive, resulting in a denial of service condition.\n\nThe vulnerability is due to\nimproper handling, processing and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by\nsending multiple HTTP or HTTPS requests to any management enabled interfaces of\nthe affected system. A full TCP three-way handshake is required to\nexploit this vulnerability. An exploit could allow the attacker prevent management access via the GUI and cause other critical process to become unresponsive, resulting in a denial of service condition. A hard reboot of the affected system is needed to restore full functionality.\n\nA vulnerability in the IronPort Spam Quarantine (ISQ) function in the web framework code could allow an unauthenticated,\nremote attacker to cause multiple critical processes to become unresponsive, resulting in a denial of service condition.\n\nThe vulnerability is due to\nimproper handling and processing of TCP connection requests\nsent at high rate. An attacker could exploit this vulnerability by\na sending sequence of TCP requests to the ISQ service port that is open on the ISQ-enabled interfaces of\nthe affected system. A full TCP three-way handshake is required to\nexploit this vulnerability. An successful exploit could allow the attacker to crash\nor make unresponsive the ISQ service and cause other critical processes to become unresponsive, resulting in a denial of service condition. A hard reboot of the affected system is needed to restore full functionality.\n\nA vulnerability in the Security Services function in the web framework code could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. \n\nThe vulnerability is due to a failure to properly sanitize user supplied input that is subsequently utilized to perform an action that leverages the underlying command line interface of the device. An authenticated but unprivileged attacker could exploit this vulnerability by sending a crafted URL to the affected system, or by convincing a valid user to click on a malicious URL. An exploit could allow an attacker with sufficient knowledge to take complete control of the affected device.\n\nA vulnerability in the web framework code could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. \n\nThe vulnerability is due to a failure to properly sanitize user supplied input that is subsequently utilized to perform an action that leverages the underlying command-line interface of the device. An authenticated but unprivileged attacker could exploit this vulnerability by sending a crafted URL to the affected system, or by convincing a valid user to click on a malicious URL. A successful exploit could allow an attacker with sufficient knowledge to take complete control of the affected device.\n\nCisco IronPort AsyncOS Software for Cisco Content Security Management Appliance is affected by the following vulnerabilities:\n\n Web Framework Authenticated Command Injection Vulnerability\n IronPort Spam Quarantine Denial of Service Vulnerability\n Management GUI Denial of Service Vulnerability \n\nThese vulnerabilities are independent of each other; a release that is\naffected by one of the vulnerabilities may not be affected by the\nothers.\n\nSuccessful exploitation of the Web Framework Authenticated Command Injection Vulnerability could allow an authenticated,\nremote attacker to execute arbitrary commands on the underlying\noperating system with elevated privileges. \n\nSuccessful exploitation of either of the two denial of service vulnerabilities could cause several critical processes to become unresponsive and make the affected system unstable.\n\nCisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma\"]", "reporter": "Cisco", "published": "2013-06-26T16:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco Content Security Management Appliance", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Web Security Appliance (WSA)", "version": "any", "operator": "eq"}, {"name": "Cisco Email Security Appliance (ESA)", "version": "any", "operator": "eq"}, {"name": "Cisco Content Security Management Appliance (SMA)", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2013-3383", "CVE-2013-3384", "CVE-2013-3385", "CVE-2013-3386"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2013-06-26T14:11:38", "id": "CISCO-SA-20130626-SMA", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-sma", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-26T15:34:02", "_object_types": ["robots.models.base.Bulletin", "robots.models.cisco.CiscoBulletin"], "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa"], "description": "A vulnerability in the Graphical User Interface (GUI) function in the web framework code could allow an unauthenticated,\nremote attacker to cause multiple processes to become unresponsive, resulting in a denial of service condition.\n\nThe vulnerability is due to\nimproper handling, processing and termination of HTTP and HTTPS connections. An attacker could exploit this vulnerability by\nsending multiple HTTP or HTTPS requests to any management enabled interfaces of\nthe affected system. A full TCP three-way handshake is required to\nexploit this vulnerability. An exploit could allow the attacker prevent management access via the GUI and cause other critical process to become unresponsive, resulting in a denial of service condition. A hard reboot of the affected system is needed to restore full functionality.\n\nA vulnerability in the Security Services function in the web framework code could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. \n\nThe vulnerability is due to a failure to properly sanitize user supplied input that is subsequently utilized to perform an action that leverages the underlying command line interface of the device. An authenticated but unprivileged attacker could exploit this vulnerability by sending a crafted URL to the affected system, or by convincing a valid user to click on a malicious URL. An exploit could allow an attacker with sufficient knowledge to take complete control of the affected device.\n\nA vulnerability in the web framework code could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. \n\nThe vulnerability is due to a failure to properly sanitize user supplied input that is subsequently utilized to perform an action that leverages the underlying command-line interface of the device. An authenticated but unprivileged attacker could exploit this vulnerability by sending a crafted URL to the affected system, or by convincing a valid user to click on a malicious URL. A successful exploit could allow an attacker with sufficient knowledge to take complete control of the affected device.\n\nCisco IronPort AsyncOS Software for Cisco Web Security Appliance is affected by the following vulnerabilities:\n\n Two authenticated command injection vulnerabilities\n Management GUI Denial of Service Vulnerability \n\nThese vulnerabilities are independent of each other; a release that is\naffected by one of the vulnerabilities may not be affected by the\nothers.\n\nSuccessful exploitation of any of the two command injection vulnerabilities could allow an authenticated,\nremote attacker to execute arbitrary commands on the underlying\noperating system with elevated privileges. \n\nSuccessful exploitation of the Management GUI Denial of Service Vulnerability could cause several critical processes to become\nunresponsive and make the affected system unstable.\n\nCisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa\"]", "reporter": "Cisco", "published": "2013-06-26T16:00:00", "type": "cisco", "title": "Multiple Vulnerabilities in Cisco Web Security Appliance", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Cisco Web Security Appliance (WSA)", "version": "any", "operator": "eq"}, {"name": "Cisco Email Security Appliance (ESA)", "version": "any", "operator": "eq"}, {"name": "Cisco Content Security Management Appliance (SMA)", "version": "any", "operator": "eq"}], "cvelist": ["CVE-2013-3383", "CVE-2013-3384", "CVE-2013-3385"], "_object_type": "robots.models.cisco.CiscoBulletin", "modified": "2013-06-28T10:53:41", "id": "CISCO-SA-20130626-WSA", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:41:28", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "CVE(CAN) ID: CVE-2013-3384\r\n\r\nCisco Web Security Appliance\u662f\u5b89\u5168\u7684Web\u7f51\u5173\uff0c\u5728\u4e00\u4e2a\u5e73\u53f0\u4e0a\u96c6\u6210\u4e86\u6076\u610f\u8f6f\u4ef6\u9632\u62a4\u3001\u5e94\u7528\u53ef\u89c6\u5316\u63a7\u5236\u3001\u7b56\u7565\u63a7\u5236\u7b49\u3002Cisco IronPort AsyncOS\u662f\u7535\u5b50\u90ae\u4ef6\u5b89\u5168\u8bbe\u5907\u3002\r\n\r\nCisco Web Security Appliance\u8bbe\u5907\u4e0a\u7684IronPort AsyncOS\u5728Web\u6846\u67b6\u7684\u5b9e\u73b0\u4e0a\uff0c\u4ee5\u53caContent Security Management Appliance\u8bbe\u5907\u548cEmail Security Appliance\u8bbe\u5907\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u901a\u8fc7IPv4\u53d1\u9001\u7684URL\u7279\u5236\u547d\u4ee4\u884c\uff0c\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\r\n0\r\nCisco Web Security Appliance <= 7.7.0-550\r\nCisco Web Security Appliance <= 7.5.0-838\r\nCisco Web Security Appliance <= 7.1.3-013\r\nCisco Email Security Appliance <= 7.6.3-019\r\nCisco Email Security Appliance <= 7.5.2-203\r\nCisco Email Security Appliance <= 7.3.2-026\r\nCisco Email Security Appliance <= 7.1.5-104\r\nCisco Content Security Management Appliance <= 7.9.1-102\r\nCisco Content Security Management Appliance <= 7.7.0-213\r\nCisco Content Security Management Appliance <= 7.2.2-110\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\nCisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20130626-wsa\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncisco-sa-20130626-wsa\uff1aMultiple Vulnerabilities in Cisco Web Security Appliance\r\n\u94fe\u63a5\uff1ahttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130626-wsa", "reporter": "Root", "published": "2013-07-02T00:00:00", "title": "Cisco Web Security Appliance Web\u6846\u67b6\u4efb\u610f\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e(CVE-2013-3384)", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2013-3384"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2013-07-02T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60868", "id": "SSV:60868", "sourceData": "", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "cve,details"}]}