CVE-2013-1196

EUVD-2013-1236

29.04.2013, 21:55

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.8 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:S/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Affected Products (NVD)

Vendor	Product	Version
cisco	application_networking_manager	-
cisco	context_directory_agent	-
cisco	identity_services_engine_software	-
cisco	network_services_manager	-
cisco	prime_collaboration	-
cisco	prime_data_center_network_manager	-
cisco	prime_lan_management_solution	-
cisco	prime_network_control_system	-
cisco	quad	-
cisco	secure_access_control_system	-
cisco	unified_provisioning_manager	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196