CVE-2013-1125
Description
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.459
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Secure Access Control Server Solution Engine | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Identity Services Engine | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco ASA Content Security and Control | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Application Networking Manager | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Prime Infrastructure | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Prime LAN Management Solution | NCM |
| Multiple Cisco Products Root Shell Access Vulnerability For Cisco Prime Unified Provisioning Manager | NCM |
| Improper Input Validation Vulnerability (CVE-2013-1125) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705698 | Security Update for Cisco Secure Access Control Server Solution Engine 5.8(0.32.2) |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1705635 | Security Update for Cisco Application Networking Manager 5.240 |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1705397 | Security Update for Cisco Prime LAN Management Solution 4.2(4) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234