Cisco: CISCO-SA-20130219-CVE-2013-1125
Feb 19, 2013 - 6:28 p.m.

Multiple Cisco Products Root Shell Access Vulnerability

2013-02-19 18:28:32
tools.cisco.com

CVSS2: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.001
Percentile: 28.7%

Multiple Cisco products contain a vulnerability that could allow a local attacker to gain shell access with root privileges.

The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface (CLI) on Cisco products running the affected software. A local attacker with access to an affected device could exploit this vulnerability by submitting specially crafted input to be processed by the vulnerable component. Successful exploitation could allow an attacker to gain shell access with root privileges on a targeted system, which could result in a complete system compromise.

Cisco has confirmed the vulnerability; however, software updates are not available.

To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit.

Customers are advised to review the bug reports in the vendor announcements section for a current list of affected products and versions.

Affected configurations

cisco secure_access_control_system (match: any)
OR
cisco application_networking_manager (match: any)
OR
cisco unified_provisioning_manager (match: any)
OR
cisco quad (match: any)
OR
cisco identity_services_engine_software (match: any)
OR
cisco prime_lan_management_solution (match: any)
OR
cisco prime_network_control_system (match: any)
OR
cisco prime_collaboration (match: any)
OR
cisco context_directory_agent (match: any)
OR
cisco network_services_manager (match: any)

Vendor  Product                            Version  CPE
cisco   secure_access_control_system       any      cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:*
cisco   application_networking_manager     any      cpe:2.3:a:cisco:application_networking_manager:any:*:*:*:*:*:*:*
cisco   unified_provisioning_manager       any      cpe:2.3:a:cisco:unified_provisioning_manager:any:*:*:*:*:*:*:*
cisco   quad                               any      cpe:2.3:a:cisco:quad:any:*:*:*:*:*:*:*
cisco   identity_services_engine_software  any      cpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:*
cisco   prime_lan_management_solution      any      cpe:2.3:a:cisco:prime_lan_management_solution:any:*:*:*:*:*:*:*
cisco   prime_network_control_system       any      cpe:2.3:a:cisco:prime_network_control_system:any:*:*:*:*:*:*:*
cisco   prime_collaboration                any      cpe:2.3:a:cisco:prime_collaboration:any:*:*:*:*:*:*:*
cisco   context_directory_agent            any      cpe:2.3:a:cisco:context_directory_agent:any:*:*:*:*:*:*:*
cisco   network_services_manager           any      cpe:2.3:a:cisco:network_services_manager:any:*:*:*:*:*:*:*
