CVE-2013-5554

Published: Nov 8, 2013Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.

Affected (10)

Products: Cisco: Wide Area Application Services Mobile

Cisco

1 product

Wide Area Application Services Mobile

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Cisco Wide Area Application Services Mobile	Up to 3.5.4
Cisco Wide Area Application Services Mobile	Version 3.3.1
Cisco Wide Area Application Services Mobile	Version 3.3.4
Cisco Wide Area Application Services Mobile	Version 3.4.1
Cisco Wide Area Application Services Mobile	Version 3.4.2
Cisco Wide Area Application Services Mobile	Version 3.4
Cisco Wide Area Application Services Mobile	Version 3.5.0
Cisco Wide Area Application Services Mobile	Version 3.5.1
Cisco Wide Area Application Services Mobile	Version 3.5.2
Cisco Wide Area Application Services Mobile	Version 3.5.3

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.