CVE-2013-1192

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager::::::::
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:::::::*

OR	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
	cpe:2.3:h:cisco:nexus_5020:-:::::::*
	cpe:2.3:h:cisco:nexus_5010:-:::::::*
	cpe:2.3:h:cisco:nexus_5010p_switch:-:::::::*
	cpe:2.3:h:cisco:nexus_5020p_switch:-:::::::*
	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5000:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:::::::*
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager::::::::
	cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:::::::*

cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*

Information

Published : 2013-04-25 03:55

Updated : 2018-10-30 09:26

NVD link : CVE-2013-1192

Mitre link : CVE-2013-1192

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

mds_9000
nexus_5596up
nexus_5000
nexus_5020
nexus_5020p_switch
nexus_5548p
nexus_5548up
adaptive_security_appliance_device_manager
nexus_5010p_switch
nexus_5010

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-fmdm", "name": "20130424 Cisco Device Manager Command Execution Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-1192", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-04-25T10:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.2.5"}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5010p_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5020p_switch:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.2.5"}, {"cpe23Uri": "cpe:2.3:a:cisco:adaptive_security_appliance_device_manager:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:mds_9000:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:26Z"}

9.3 /10