Sign-up

ID

VAR-201304-0259


CVE

CVE-2013-1196


TITLE

plural Cisco In the product command line interface root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002517

DESCRIPTION

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125. plural Cisco The product command line interface does not validate input properly, root There are vulnerabilities that can be granted privileges. Vendors have confirmed this vulnerability Bug ID CSCug29384 , CSCug13866 , CSCug29400 , CSCug29406 , CSCug29411 , CSCug29413 , CSCug29416 , CSCug29418 , CSCug29422 , CSCug29425 ,and CSCug29426 It is released as. This vulnerability CVE-2013-1125 Is a different vulnerability.By local users root You may get permission. Cisco is a provider of Internet solutions whose devices and software products are primarily used to connect computer network systems. Because the program fails to fully validate the authentication, an attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the root user. This may facilitate a complete compromise of an affected device. Cisco Secure Access Control System (ACS) is a set of security access control system of Cisco (Cisco). The system can respectively control network access and network device access through RADIUS and TACACS protocols

Trust: 2.52

sources: NVD: CVE-2013-1196 // JVNDB: JVNDB-2013-002517 // CNVD: CNVD-2013-04787 // BID: 59578 // VULHUB: VHN-61198

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04787

AFFECTED PRODUCTS

vendor:ciscomodel:quadscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified provisioning managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime data center network managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:network services managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime network control systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:application networking managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:context directory agentscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime lan management solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 1.4

vendor:ciscomodel:application networking managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:prime lan management solutionscope: - version: -

Trust: 1.4

vendor:ciscomodel:quadscope: - version: -

Trust: 1.4

vendor:ciscomodel:context directory agentscope: - version: -

Trust: 1.4

vendor:ciscomodel:prime collaborationscope: - version: -

Trust: 1.4

vendor:ciscomodel:unified provisioning managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:network services managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:prime data center network managerscope: - version: -

Trust: 1.4

vendor:ciscomodel:secure access control systemscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:prime network control system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:secure access control system softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:secure access control systemscope: - version: -

Trust: 0.6

vendor:ciscomodel:prime network control systemscope: - version: -

Trust: 0.6

vendor:ciscomodel:quadscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-04787 // BID: 59578 // JVNDB: JVNDB-2013-002517 // CNNVD: CNNVD-201304-610 // NVD: CVE-2013-1196

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1196
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1196
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04787
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201304-610
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61198
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1196
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04787
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-61198
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04787 // VULHUB: VHN-61198 // JVNDB: JVNDB-2013-002517 // CNNVD: CNNVD-201304-610 // NVD: CVE-2013-1196

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-61198 // JVNDB: JVNDB-2013-002517 // NVD: CVE-2013-1196

THREAT TYPE

local

Trust: 0.9

sources: BID: 59578 // CNNVD: CNNVD-201304-610

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201304-610

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002517

PATCH
title:Multiple Cisco Products root Privileges Command Execution Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196
Trust: 0.8
title:Patch for Multiple Cisco Product Root Permission Command Execution Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/33771
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-04787 // 
            
            
            
            JVNDB: JVNDB-2013-002517

EXTERNAL IDS
db:NVDid:CVE-2013-1196
Trust: 3.4
db:BIDid:59578
Trust: 1.0
db:JVNDBid:JVNDB-2013-002517
Trust: 0.8
db:CNNVDid:CNNVD-201304-610
Trust: 0.7
db:CNVDid:CNVD-2013-04787
Trust: 0.6
db:CISCOid:20130412 MULTIPLE CISCO PRODUCTS ROOT PRIVILEGES COMMAND EXECUTION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-61198
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04787 // 
            
            
            
            VULHUB: VHN-61198 // 
            
            
            
            BID: 59578 // 
            
            
            
            JVNDB: JVNDB-2013-002517 // 
            
            
            
            CNNVD: CNNVD-201304-610 // 
            
            
            
            NVD: CVE-2013-1196

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1196
Trust: 2.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1196
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1196
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-04787 // 
            
            
            
            VULHUB: VHN-61198 // 
            
            
            
            BID: 59578 // 
            
            
            
            JVNDB: JVNDB-2013-002517 // 
            
            
            
            CNNVD: CNNVD-201304-610 // 
            
            
            
            NVD: CVE-2013-1196

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 59578

SOURCES
db:CNVDid:CNVD-2013-04787
db:VULHUBid:VHN-61198
db:BIDid:59578
db:JVNDBid:JVNDB-2013-002517
db:CNNVDid:CNNVD-201304-610
db:NVDid:CVE-2013-1196

LAST UPDATE DATE
2024-11-23T22:08:31.399000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04787date:2013-05-28T00:00:00
db:VULHUBid:VHN-61198date:2013-04-30T00:00:00
db:BIDid:59578date:2015-03-19T08:50:00
db:JVNDBid:JVNDB-2013-002517date:2013-05-01T00:00:00
db:CNNVDid:CNNVD-201304-610date:2013-07-15T00:00:00
db:NVDid:CVE-2013-1196date:2024-11-21T01:49:05.700

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-04787date:2013-05-06T00:00:00
db:VULHUBid:VHN-61198date:2013-04-29T00:00:00
db:BIDid:59578date:2013-04-12T00:00:00
db:JVNDBid:JVNDB-2013-002517date:2013-05-01T00:00:00
db:CNNVDid:CNNVD-201304-610date:2013-04-29T00:00:00
db:NVDid:CVE-2013-1196date:2013-04-29T21:55:37.203