CVE-2013-1125 — MEDIUM (6.8)

Vulnerability Description

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.

CVSS Score

6.8

MEDIUM

AV:L/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Application Networking Manager	-
Cisco	Context Directory Agent	-
Cisco	Identity Services Engine Software	-
Cisco	Network Services Manager	-
Cisco	Prime Collaboration	-
Cisco	Prime Lan Management Solution	-
Cisco	Prime Network Control System	-
Cisco	Quad	-
Cisco	Secure Access Control System	-
Cisco	Unified Provisioning Manager	-

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2013-1125?

CVE-2013-1125 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Cont...

How severe is CVE-2013-1125?

CVE-2013-1125 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1125?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Application Networking Manager, Cisco Context Directory Agent, Cisco Identity Services Engine Software, Cisco Network Services Manager, Cisco Prime Collaboration.