Podatność CVE-2013-1196


Publikacja: 2013-04-29   Modyfikacja: 2013-04-30

Opis:
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

Typ:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
6.8/10
10/10
3.1/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Lokalny
Niska
Jednorazowa
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Cisco -> Application networking manager 
Cisco -> Context directory agent 
Cisco -> Identity services engine software 
Cisco -> Network services manager 
Cisco -> Prime collaboration 
Cisco -> Prime data center network manager 
Cisco -> Prime lan management solution 
Cisco -> Prime network control system 
Cisco -> QUAD 
Cisco -> Secure access control system 
Cisco -> Unified provisioning manager 

 Referencje:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196

Copyright 2024, cxsecurity.com

 

Back to Top