CVE-2013-1192

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager::::::::
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:::::::*

OR	cpe:2.3:h:cisco:nexus_5000:-:::::::*
	cpe:2.3:h:cisco:nexus_5010:-:::::::*
	cpe:2.3:h:cisco:nexus_5010p_switch:-:::::::*
	cpe:2.3:h:cisco:nexus_5020:-:::::::*
	cpe:2.3:h:cisco:nexus_5020p_switch:-:::::::*
	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5596up:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager::::::::
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:::::::*

cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm - Vendor Advisory

Information

Published : 2013-04-25 10:55

Updated : 2024-11-21 01:49

NVD link : CVE-2013-1192

Mitre link : CVE-2013-1192

CVE.ORG link : CVE-2013-1192

JSON object : View

Products Affected

cisco

nexus_5010
nexus_5548up
nexus_5010p_switch
adaptive_security_appliance_device_manager
mds_9000
nexus_5000
nexus_5596up
nexus_5548p
nexus_5020p_switch
nexus_5020

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-1192", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-04-25T10:55:01.787", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802."}, {"lang": "es", "value": "Los archivos JAR en Cisco Device Manager de dispositivos Cisco MDS 9000 antes de v5.2.8 y Cisco Device Manager dispositivos Nexus 5000, permite a atacantes remotos ejecutar comandos arbitrarios en los equipos cliente de Windows a trav\u00e9s de un archivo de elemento manager.jnlp hecho a mano, tambi\u00e9n conocido como Bug IDs CSCty17417 y CSCty10802."}], "lastModified": "2024-11-21T01:49:05.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79FD6080-B82E-4DB6-A4DF-470FE996E07C", "versionEndIncluding": "5.2.5"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09BAF24A-AC9F-447E-9C35-315BA6271B2E"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6741F961-98F5-48C0-853E-C5B5C29172BC"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C84EB0EF-B0AF-4932-A719-31B97BFA3AA2"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260A022E-EC6B-4D62-AE08-69F743D89827"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D17331FF-28B0-4EB0-B2FB-8A56218E6037"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98E79DFE-7496-4022-8A24-0723DD28BE9C"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E52DAC91-9280-4F7E-A0CF-750700FF3290"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B77C14F-03F5-4B90-8098-D90AACFC043F"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9A26D-FBFF-40C5-A041-6BB65511C53A"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58402E4-472E-46AE-AC0C-25B12C9C6567"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD03EE75-B7A4-4C7A-B691-FC9E4C8BE594"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C6A552-F328-4331-BBF8-EA3D6A5B3936"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D179D1F3-EB94-4D4F-9B0C-074B59570DAF"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8995A10A-C0A0-4297-9F7D-5B4C3D8A26BB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC"}, {"criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A"}, {"criteria": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD1E96B-1927-42DC-A47B-5632CED2D40F"}, {"criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A"}, {"criteria": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0737BA36-75AB-478D-9001-3DA3E49C6F00"}, {"criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2"}, {"criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4"}, {"criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79FD6080-B82E-4DB6-A4DF-470FE996E07C", "versionEndIncluding": "5.2.5"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09BAF24A-AC9F-447E-9C35-315BA6271B2E"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6741F961-98F5-48C0-853E-C5B5C29172BC"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C84EB0EF-B0AF-4932-A719-31B97BFA3AA2"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260A022E-EC6B-4D62-AE08-69F743D89827"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D17331FF-28B0-4EB0-B2FB-8A56218E6037"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98E79DFE-7496-4022-8A24-0723DD28BE9C"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E52DAC91-9280-4F7E-A0CF-750700FF3290"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B77C14F-03F5-4B90-8098-D90AACFC043F"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C9A26D-FBFF-40C5-A041-6BB65511C53A"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58402E4-472E-46AE-AC0C-25B12C9C6567"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD03EE75-B7A4-4C7A-B691-FC9E4C8BE594"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73C6A552-F328-4331-BBF8-EA3D6A5B3936"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D179D1F3-EB94-4D4F-9B0C-074B59570DAF"}, {"criteria": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8995A10A-C0A0-4297-9F7D-5B4C3D8A26BB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F2ED90B-DDBA-49DE-AC78-20E7D77C8858"}], "operator": "OR"}], "operator": "AND"}], "evaluatorImpact": "Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm\r\n\r\n\"Cisco Device Manager versions 5.x and earlier. Note: Only Cisco Device Manager software installed or launched via JNLP file on Microsoft Windows is affected by this vulnerability.\"", "sourceIdentifier": "ykramarz@cisco.com"}

9.3 /10