Vulnerability CVE-2013-1196


Published: 2013-04-29   Modified: 2013-04-30

Description:
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
10/10
3.1/10
Exploit range
Attack complexity
Authentication
Local
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Cisco -> Application networking manager 
Cisco -> Context directory agent 
Cisco -> Identity services engine software 
Cisco -> Network services manager 
Cisco -> Prime collaboration 
Cisco -> Prime data center network manager 
Cisco -> Prime lan management solution 
Cisco -> Prime network control system 
Cisco -> QUAD 
Cisco -> Secure access control system 
Cisco -> Unified provisioning manager 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196

Copyright 2024, cxsecurity.com

 

Back to Top