Vulnerability CVE-2013-1196

Vulnerability CVE-2013-1196

Published: 2013-04-29 Modified: 2013-04-30

Description:

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	10/10	3.1/10

Exploit range	Attack complexity	Authentication
Local	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Cisco -> Application networking manager
Cisco -> Context directory agent
Cisco -> Identity services engine software
Cisco -> Network services manager
Cisco -> Prime collaboration
Cisco -> Prime data center network manager
Cisco -> Prime lan management solution
Cisco -> Prime network control system
Cisco -> QUAD
Cisco -> Secure access control system
Cisco -> Unified provisioning manager

References:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196

Copyright 2024, cxsecurity.com