CVE-2012-6392

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:prime_lan_management_solution:4.1:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:::::::*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-01-17 15:55

Updated : 2024-02-04 18:16

NVD link : CVE-2012-6392

Mitre link : CVE-2012-6392

CVE.ORG link : CVE-2012-6392

JSON object : View

Products Affected

cisco

prime_lan_management_solution

linux

linux_kernel

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-6392", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-17T15:55:01.563", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779."}, {"lang": "es", "value": "Cisco Prime LAN Management Solution (LMS) v4.1 a v4.2.2 en Linux no valida correctamente las solicitudes de autenticaci\u00f3n y autorizaci\u00f3n en sesiones TCP, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una sesi\u00f3n hecha a mano. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCuc79779."}], "lastModified": "2013-01-29T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54165D6B-BDCB-44DC-B693-C63C858AC9A3"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB2B254E-2206-4516-B39C-AC276859CF5F"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DD8078E-C3EC-4366-B645-2FF8DCF6DA53"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E329DAC-C618-4DB0-88B7-A2867EA083AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}