-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2013-0062 Title: Cisco WAAS Central Manager Remote Code Execution Vulnerability Version history: 02.08.2013 Initial publication Summary ======= Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. CVSS Base Score - 10.0 CVSS Temporal Score - 8.7 Affected Products and Versions: ============================== The following products running a vulnerable version of Cisco WAAS Software and configured as Central Manager (CM) are affected by this vulnerability: Cisco WAAS Appliances Cisco Virtual WAAS (vWAAS) Cisco WAAS Modules Note: Only Cisco WAAS products configured as Central Manager are affected by this vulnerability. To determine whether the Cisco WAAS Software is configured as CM use the show cms info command. The following example shows Cisco WAAS Software configured as CM: ciscowaas-cm#show cms info Device registration information : Device Id = 182 Device registered as = WAAS Central Manager Current WAAS Central Manager role = Primary CMS services information : Service cms_httpd is running Service cms_cdm is running Original details: ================ Cisco WAAS application acceleration and WAN optimization solutions accelerate the performance of any TCP-based application delivered across a WAN, providing the benefits of branch-office data consolidation and acceleration of centralized applications. Every WAAS network must have one primary WAAS CM device that is responsible for managing the other WAAS devices in the network. The Cisco WAAS CM device hosts the Cisco WAAS CM GUI, a web-based interface that allows configuration, management and monitoring of the associated Cisco WAAS devices. A vulnerability in the web service framework code of Cisco WAAS, when configured as Central Manager (CM) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted POST request to the affected system. An exploit could allow the attacker to execute arbitrary code on the affected system. Due to the privileged function of the WAAS CM in the Cisco WAAS network, exploitation of this vulnerability could allow the attacker to gain administrative access to all the devices that have been associated to the vulnerable WAAS CM. Note: Only Cisco WAAS Software configured as CM is affected by this vulnerability. What can you do? ================ Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available [1]. What to tell your users? ======================== N/A More information ================ [1] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130731-waascm Best regards, CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIbBAEBAgAGBQJR+37VAAoJEPpzpNLI8SVoHo0P+IKHdVczYQeqlE2aL4zojBmq 40t5x/KdqvBh2HXeJWb8kR+F7kV39LQzKbMzKMINXnOYjf66rlRPOezNuGQqp1Sa golqI3HSUiRnzZP03eL0z5PphJLPIw1CotCSHKaH04i+IBjadOsbNr/eRmGgXfTC L9WKgUkFosNLCpjDS0eRadUngerxbxEXv8hTGg7wV59M+1Js6R7HUD8+LPKqe2Cs SaHZKH2vhuDJ4uMEo2G/WLTd4j9rwENSAy/hUIZMq8QuWgSxHOoLcnsHPItKIcTd btzONqbL7ckphRaB0u+HbLVAryje2qhArYv+ys8iB6malU2wKr9pEC8u3zfIcULz x+tr74ziRrTHeJuAEfFpjXa5o3Z2CqP8FfLoWt2P/tVW2mToQe8fsLgMeonIFIsH lR4KZM9IDeS/aPSCkJQEAMn5QIStbXfcu8voyc6LL3dzImcTlqhlm7rLmL5j0UF+ xF5E2UlmcYplP2rinFViDCD8S+qWxu0eeKjDnZcyRxKF8t1o4tfCviBfQhGCcixh kFT7gui/4s8axWVCAfAlg8u8za5CNPbu0DbiecmSev+dfVCSKRS4Cmt4A8dPJDgy LIDzNWlEfj9dNHaPqw2tLSFiMXeqdecIFtX1BkPMJpBlf1Oigu3vDW0OX7G3qmfK tJqZQ2u5URQZWjBXV/Y= =MWxT -----END PGP SIGNATURE-----