Two vulnerabilities have been reported in Cisco WAAS (Wide Area Application Services), which can be exploited by malicious users and malicious people to compromise a vulnerable system.
Versions 5.0.x, 5.1.x, and 5.2.x.
Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.
Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode. This vulnerability could allow an authenticated but unprivileged, remote attacker to execute arbitrary code on the affected system and on the devices managed by the affected system.An error within the web service framework can be exploited to execute arbitrary code via a specially crafted POST request.Successful exploitation of this vulnerability requires the device to be configured as Central Manager.An error within the web framework can be exploited inject and execute arbitrary commands.Successful exploitation of this vulnerability requires the device to be configured to run in central management mode.The vulnerabilities are reported in 4.x versions later than 4.2.1.
Upgrade to version 5.0.3e, 5.1.1c, or 5.2.1.