Sign-up

ID

VAR-201302-0387


CVE

CVE-2013-1125


TITLE

plural Cisco In the product command line interface root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-001621

DESCRIPTION

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. plural Cisco The product command line interface does not validate input properly, root There are vulnerabilities that can be granted privileges. The problem is Bug ID CSCue46001 , CSCud95790 , CSCue46021 , CSCue46025 , CSCue46023 , CSCue46058 , CSCue46013 , CSCue46031 , CSCue46035 ,and CSCue46042 It is a problem.By local users root You may get permission. Multiple Cisco products are prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to gain shell access with root privileges on an affected system. Successful exploits may result in complete system compromise. This issue being tracked by Cisco Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042. Cisco Identity Services Engine (ISE) is an identity-based context-aware platform (ISE Identity Services Engine) from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2013-1125 // JVNDB: JVNDB-2013-001621 // BID: 58063 // VULHUB: VHN-61127

AFFECTED PRODUCTS

vendor:ciscomodel:quadscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified provisioning managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:secure access control systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:network services managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime network control systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:application networking managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:context directory agentscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime lan management solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:application networking managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:context directory agentscope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:network services managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime lan management solutionscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime network control system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:quadscope: - version: -

Trust: 0.8

vendor:ciscomodel:secure access control system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:unified provisioning managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:webex socialscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified provisioning managerscope:eqversion:8.7

Trust: 0.3

vendor:ciscomodel:unified provisioning managerscope:eqversion:8.6

Trust: 0.3

vendor:ciscomodel:unified provisioning managerscope:eqversion:8.5

Trust: 0.3

vendor:ciscomodel:secure access control system patchscope:eqversion:5.37

Trust: 0.3

vendor:ciscomodel:secure access control systemscope:eqversion:5.3

Trust: 0.3

vendor:ciscomodel:secure access control system patchscope:eqversion:5.211

Trust: 0.3

vendor:ciscomodel:secure access control systemscope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:secure access control systemscope:eqversion:5.1

Trust: 0.3

vendor:ciscomodel:secure access control systemscope:eqversion:5.0

Trust: 0.3

vendor:ciscomodel:prime network control systemscope:eqversion:1.1

Trust: 0.3

vendor:ciscomodel:prime network control systemscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:4.2.3

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:4.2.1

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:4.2.2

Trust: 0.3

vendor:ciscomodel:prime lan management solutionscope:eqversion:4.2

Trust: 0.3

vendor:ciscomodel:prime collaborationscope:eqversion:9.0

Trust: 0.3

vendor:ciscomodel:network services managerscope:eqversion:5.0.2

Trust: 0.3

vendor:ciscomodel:identity services enginescope:eqversion:1.0.4

Trust: 0.3

vendor:ciscomodel:identity services engine 1.0.4.mr2scope: - version: -

Trust: 0.3

vendor:ciscomodel:context directory agentscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:application networking managerscope:eqversion:2.0

Trust: 0.3

sources: BID: 58063 // JVNDB: JVNDB-2013-001621 // CNNVD: CNNVD-201302-329 // NVD: CVE-2013-1125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1125
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1125
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201302-329
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61127
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1125
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61127
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61127 // JVNDB: JVNDB-2013-001621 // CNNVD: CNNVD-201302-329 // NVD: CVE-2013-1125

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-61127 // JVNDB: JVNDB-2013-001621 // NVD: CVE-2013-1125

THREAT TYPE

local

Trust: 0.9

sources: BID: 58063 // CNNVD: CNNVD-201302-329

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201302-329

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001621

PATCH
title:Multiple Cisco Product Root Shell Access Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001621

EXTERNAL IDS
db:NVDid:CVE-2013-1125
Trust: 2.8
db:JVNDBid:JVNDB-2013-001621
Trust: 0.8
db:CNNVDid:CNNVD-201302-329
Trust: 0.7
db:SECUNIAid:52268
Trust: 0.6
db:CISCOid:20130215 MULTIPLE CISCO PRODUCT ROOT SHELL ACCESS VULNERABILITY
Trust: 0.6
db:BIDid:58063
Trust: 0.4
db:VULHUBid:VHN-61127
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61127 // 
            
            
            
            BID: 58063 // 
            
            
            
            JVNDB: JVNDB-2013-001621 // 
            
            
            
            CNNVD: CNNVD-201302-329 // 
            
            
            
            NVD: CVE-2013-1125

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1125
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1125
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1125
Trust: 0.8
url:http://secunia.com/advisories/52268
Trust: 0.6
url:http://tools.cisco.com/security/center/viewalert.x?alertid=28284
Trust: 0.3
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61127 // 
            
            
            
            BID: 58063 // 
            
            
            
            JVNDB: JVNDB-2013-001621 // 
            
            
            
            CNNVD: CNNVD-201302-329 // 
            
            
            
            NVD: CVE-2013-1125

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 58063

SOURCES
db:VULHUBid:VHN-61127
db:BIDid:58063
db:JVNDBid:JVNDB-2013-001621
db:CNNVDid:CNNVD-201302-329
db:NVDid:CVE-2013-1125

LAST UPDATE DATE
2024-11-23T22:46:11.292000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61127date:2013-02-20T00:00:00
db:BIDid:58063date:2013-02-15T00:00:00
db:JVNDBid:JVNDB-2013-001621date:2013-02-21T00:00:00
db:CNNVDid:CNNVD-201302-329date:2013-02-21T00:00:00
db:NVDid:CVE-2013-1125date:2024-11-21T01:48:57.287

SOURCES RELEASE DATE
db:VULHUBid:VHN-61127date:2013-02-19T00:00:00
db:BIDid:58063date:2013-02-15T00:00:00
db:JVNDBid:JVNDB-2013-001621date:2013-02-21T00:00:00
db:CNNVDid:CNNVD-201302-329date:2013-02-21T00:00:00
db:NVDid:CVE-2013-1125date:2013-02-19T23:55:02.097