CVE-2013-1125

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:application_networking_manager:-:::::::*
	cpe:2.3:a:cisco:context_directory_agent:-:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:-:::::::*
	cpe:2.3:a:cisco:network_services_manager:-:::::::*
	cpe:2.3:a:cisco:prime_collaboration:-:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:-:::::::*
	cpe:2.3:a:cisco:prime_network_control_system:-:::::::*
	cpe:2.3:a:cisco:quad:-:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:-:::::::*
	cpe:2.3:a:cisco:unified_provisioning_manager:-:::::::*

History

No history.

Information

Published : 2013-02-19 23:55

Updated : 2013-02-20 05:00

NVD link : CVE-2013-1125

Mitre link : CVE-2013-1125

CVE.ORG link : CVE-2013-1125

JSON object : View

Products Affected

cisco

network_services_manager
context_directory_agent
prime_collaboration
prime_lan_management_solution
unified_provisioning_manager
secure_access_control_system
quad
application_networking_manager
prime_network_control_system
identity_services_engine_software

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-1125", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-02-19T23:55:02.097", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."}, {"lang": "es", "value": "La interfaz en l\u00ednea de comandos en Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, y Network Services Manager no validan correctamente las entradas, lo que permite a usuarios locales obtener privilegios de root mediante vectores no especificados, tambi\u00e9n conocido como Bugs IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."}], "lastModified": "2013-02-20T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2BC24E6-3295-4D09-AC77-F9B4DA0811BE"}, {"criteria": "cpe:2.3:a:cisco:context_directory_agent:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9167B80B-DBD4-4B26-9BBB-98C9F246ED91"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D"}, {"criteria": "cpe:2.3:a:cisco:network_services_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AE172B5-15D4-400D-BF3F-A2177C02331A"}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D132E7DF-3B63-4A2A-AE65-C5F90CCF3878"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754"}, {"criteria": "cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7377B5F-AA6C-4042-BEB9-E7450059C99B"}, {"criteria": "cpe:2.3:a:cisco:quad:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C75C3800-0ADB-4B41-B4B0-1B9C923ADEEE"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "716A2EC7-4A03-4BB9-B787-6DD285E25056"}, {"criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C175AC04-44FB-4FC5-B8A6-046A50C9B75C"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}