Vulnerability Name: CVE-2013-1196 (CCN-83935) Assigned: 2013-04-12 Published: 2013-04-12 Updated: 2013-04-30 Summary: The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125 . CVSS v3 Severity: 8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C 5.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C 5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2013-1196 Multiple Cisco Products root Privileges Command Execution Vulnerability 20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability multiple-cisco-cve20131196-command-exec(83935) Vulnerable Configuration: Configuration 1 :cpe:/a:cisco:application_networking_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:context_directory_agent:-:*:*:*:*:*:*:* OR cpe:/a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:* OR cpe:/a:cisco:network_services_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_collaboration:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_data_center_network_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_network_control_system:-:*:*:*:*:*:*:* OR cpe:/a:cisco:quad:-:*:*:*:*:*:*:* OR cpe:/a:cisco:secure_access_control_system:-:*:*:*:*:*:*:* OR cpe:/a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:cisco:quad:-:*:*:*:*:*:*:* OR cpe:/a:cisco:secure_access_control_system:-:*:*:*:*:*:*:* OR cpe:/a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:* OR cpe:/a:cisco:context_directory_agent:-:*:*:*:*:*:*:* OR cpe:/a:cisco:application_networking_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_network_control_system:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_collaboration:-:*:*:*:*:*:*:* OR cpe:/a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:network_services_manager:-:*:*:*:*:*:*:* OR cpe:/a:cisco:prime_data_center_network_manager:-:*:*:*:*:*:*:* BACK
cisco application networking manager -
cisco context directory agent -
cisco identity services engine software -
cisco network services manager -
cisco prime collaboration -
cisco prime data center network manager -
cisco prime lan management solution -
cisco prime network control system -
cisco quad -
cisco secure access control system -
cisco unified provisioning manager -
cisco quad -
cisco secure access control system -
cisco identity services engine software -
cisco context directory agent -
cisco application networking manager -
cisco prime network control system -
cisco prime lan management solution -
cisco prime collaboration -
cisco unified provisioning manager -
cisco network services manager -
cisco prime data center network manager -
Denotes that component is vulnerable