Details of VAR-201304-0255

ID

VAR-201304-0255

CVE

CVE-2013-1192

TITLE

Cisco MDS 9000 and Nexus 5000 For devices Cisco Device Manager Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-002477

DESCRIPTION

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802. Vendors have confirmed this vulnerability Bug ID CSCty17417 and CSCty10802 It is released as.Skillfully crafted by a third party element-manager.jnlp Through the file Windows An arbitrary code may be executed on the client machine. Successful exploits may allow an attacker to execute arbitrary commands with the privileges of the user running the affected application. These issues are being tracked by Cisco Bug IDs CSCty17417 and CSCty10802

Trust: 1.98

sources: NVD: CVE-2013-1192 // JVNDB: JVNDB-2013-002477 // BID: 59449 // VULHUB: VHN-61194

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.2.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.9	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.2.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.2.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.5	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.2.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.8	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.1.1	Trust: 1.6
vendor:	cisco	model:	nexus 5020p switch	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.7	Trust: 1.0
vendor:	cisco	model:	nexus 5010p switch	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5010	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	lte	version:	5.2.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.6	Trust: 1.0
vendor:	cisco	model:	nexus 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	mds 9000	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	nexus 5020	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5548p	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 5596up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	nexus 5548up	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	device manager	scope:	lt	version:	5.2.8 (cisco mds 9000 device )	Trust: 0.8
vendor:	cisco	model:	device manager	scope:	lte	version:	5.x (cisco nexus 5000 device )	Trust: 0.8
vendor:	cisco	model:	mds 9000 series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5010 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5010p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5020 switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5020p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548p switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5548up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nexus 5596up switch	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance device manager	scope:	eq	version:	5.2.5	Trust: 0.6

sources: JVNDB: JVNDB-2013-002477 // CNNVD: CNNVD-201304-531 // NVD: CVE-2013-1192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1192
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1192
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201304-531
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61194
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1192
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61194
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61194 // JVNDB: JVNDB-2013-002477 // CNNVD: CNNVD-201304-531 // NVD: CVE-2013-1192

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61194 // JVNDB: JVNDB-2013-002477 // NVD: CVE-2013-1192

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-531

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201304-531

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002477

PATCH

title:	cisco-sa-20130424-fmdm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm	Trust: 0.8
title:	Cisco Device Manager Remote Command Execution (CSCty17417)	url:	http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=2148&signatureSubId=0&softwareVersion=6.0&releaseVersion=S711	Trust: 0.8
title:	29019	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29019	Trust: 0.8

sources: JVNDB: JVNDB-2013-002477

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1192	Trust: 2.8
db:	BID	id:	59449	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002477	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-531	Trust: 0.7
db:	SECUNIA	id:	53190	Trust: 0.6
db:	CISCO	id:	20130424 CISCO DEVICE MANAGER COMMAND EXECUTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61194	Trust: 0.1

sources: VULHUB: VHN-61194 // BID: 59449 // JVNDB: JVNDB-2013-002477 // CNNVD: CNNVD-201304-531 // NVD: CVE-2013-1192

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130424-fmdm	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1192	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1192	Trust: 0.8
url:	http://secunia.com/advisories/53190	Trust: 0.6
url:	http://www.securityfocus.com/bid/59449	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61194 // BID: 59449 // JVNDB: JVNDB-2013-002477 // CNNVD: CNNVD-201304-531 // NVD: CVE-2013-1192

CREDITS

Cisco

Trust: 0.9

sources: BID: 59449 // CNNVD: CNNVD-201304-531

SOURCES

db:	VULHUB	id:	VHN-61194
db:	BID	id:	59449
db:	JVNDB	id:	JVNDB-2013-002477
db:	CNNVD	id:	CNNVD-201304-531
db:	NVD	id:	CVE-2013-1192

LAST UPDATE DATE

2024-11-23T23:02:52.355000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61194	date:	2018-10-30T00:00:00
db:	BID	id:	59449	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002477	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-531	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-1192	date:	2024-11-21T01:49:05.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61194	date:	2013-04-25T00:00:00
db:	BID	id:	59449	date:	2013-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2013-002477	date:	2013-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201304-531	date:	2013-04-25T00:00:00
db:	NVD	id:	CVE-2013-1192	date:	2013-04-25T10:55:01.787