CVE-2013-1125

19.02.2013, 23:55

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	LOCAL	LOW	AV:L/AC:L/Au:S/C:C/I:C/A:C
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
cisco	application_networking_manager	-
cisco	context_directory_agent	-
cisco	identity_services_engine_software	-
cisco	network_services_manager	-
cisco	prime_collaboration	-
cisco	prime_lan_management_solution	-
cisco	prime_network_control_system	-
cisco	quad	-
cisco	secure_access_control_system	-
cisco	unified_provisioning_manager	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125