Vulnerability Description
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Device Manager | <= 5.2.5 |
| Cisco | Nexus 5000 | - |
| Cisco | Nexus 5010 | - |
| Cisco | Nexus 5010P Switch | - |
| Cisco | Nexus 5020 | - |
| Cisco | Nexus 5020P Switch | - |
| Cisco | Nexus 5548P | - |
| Cisco | Nexus 5548Up | - |
| Cisco | Nexus 5596Up | - |
| Cisco | Mds 9000 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
FAQ
What is CVE-2013-1192?
CVE-2013-1192 is a vulnerability with a CVSS score of 9.3 (HIGH). The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows cl...
How severe is CVE-2013-1192?
CVE-2013-1192 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1192?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Device Manager, Cisco Nexus 5000, Cisco Nexus 5010, Cisco Nexus 5010P Switch, Cisco Nexus 5020.