Vulnerability CVE-2013-1125

Vulnerability CVE-2013-1125

Published: 2013-02-19 Modified: 2013-02-20

Description:

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	10/10	3.1/10

Exploit range	Attack complexity	Authentication
Local	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Cisco -> Application networking manager
Cisco -> Context directory agent
Cisco -> Identity services engine software
Cisco -> Network services manager
Cisco -> Prime collaboration
Cisco -> Prime lan management solution
Cisco -> Prime network control system
Cisco -> QUAD
Cisco -> Secure access control system
Cisco -> Unified provisioning manager

References:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125

Copyright 2024, cxsecurity.com