CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cisco : Security Vulnerabilities Published In 2013 (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6685 264 +Priv 2013-11-13 2013-11-14
6.6
None Local Medium Single system Complete Complete Complete
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
2 CVE-2013-5556 264 Exec Code +Priv 2013-11-17 2013-11-20
6.8
None Local Low Single system Complete Complete Complete
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
3 CVE-2013-5533 20 +Priv 2013-10-10 2013-10-23
6.0
None Local High Single system Complete Complete Complete
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.
4 CVE-2013-5522 264 +Priv 2013-10-24 2013-10-25
6.8
None Local Low Single system Complete Complete Complete
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
5 CVE-2013-3434 +Priv 2013-07-18 2013-08-19
6.8
None Local Low Single system Complete Complete Complete
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242.
6 CVE-2013-3433 +Priv 2013-07-18 2013-08-19
6.8
None Local Low Single system Complete Complete Complete
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
7 CVE-2013-3408 264 +Priv 2013-07-10 2013-08-19
6.8
None Local Low Single system Complete Complete Complete
The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764.
8 CVE-2013-3403 +Priv 2013-07-18 2013-08-19
6.8
None Local Low Single system Complete Complete Complete
Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454.
9 CVE-2013-1215 264 +Priv 2013-04-25 2013-04-26
6.8
None Local Low Single system Complete Complete Complete
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295.
10 CVE-2013-1173 119 Overflow +Priv 2013-04-11 2013-04-11
6.6
None Local Medium Single system Complete Complete Complete
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
11 CVE-2013-1172 20 +Priv 2013-04-11 2013-04-11
6.6
None Local Medium Single system Complete Complete Complete
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
12 CVE-2013-1130 264 +Priv 2013-09-20 2013-09-23
6.8
None Local Low Single system Complete Complete Complete
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
13 CVE-2012-4121 264 +Priv 2013-10-13 2013-10-16
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges, and read or modify arbitrary files, via the sed (1) r and (2) w commands, aka Bug IDs CSCts56559, CSCts56565, CSCts56570, and CSCts56574.
14 CVE-2012-4113 264 +Priv 2013-10-19 2013-10-21
4.6
None Local Low Single system Complete None None
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374.
15 CVE-2012-4112 264 Exec Code +Priv 2013-10-19 2013-10-21
6.8
None Local Low Single system Complete Complete Complete
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the command-line interface, aka Bug ID CSCtr43330.
16 CVE-2012-4111 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The create certreq command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86563.
17 CVE-2012-4110 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560.
18 CVE-2012-4109 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559.
19 CVE-2012-4108 78 Exec Code +Priv 2013-10-13 2013-10-15
6.8
None Local Low Single system Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554.
20 CVE-2012-4107 264 Exec Code +Priv 2013-10-13 2013-10-23
4.6
None Local Low Single system None Complete None
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted parameters to a file-related command, aka Bug ID CSCtq86489.
21 CVE-2012-4106 264 Exec Code +Priv 2013-10-13 2013-10-23
6.8
None Local Low Single system Complete Complete Complete
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.
22 CVE-2012-4103 20 +Priv 2013-10-02 2013-10-10
6.8
None Local Low Single system Complete Complete Complete
ethanalyzer in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02686.
23 CVE-2012-4102 20 +Priv 2013-10-02 2013-10-03
6.8
None Local Low Single system Complete Complete Complete
The activate firmware command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq02600.
24 CVE-2012-4096 20 +Priv 2013-09-30 2013-10-01
6.2
None Local Low Single system Complete Complete None
The local file editor in the Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and modify arbitrary fabric-interconnect files, in the context of a vi process, via unspecified commands, aka Bug ID CSCtn06574.
25 CVE-2012-4095 20 +Priv 2013-10-02 2013-10-23
5.5
None Local High Single system Complete Complete None
The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521.
26 CVE-2012-4082 20 +Priv 2013-09-20 2013-10-23
6.8
None Local Low Single system Complete Complete Complete
MCTools in the Cisco Management Controller in Cisco Unified Computing System (UCS) allows local users to gain privileges by entering crafted command-line parameters on a Fabric Interconnect device, aka Bug ID CSCtg20749.
27 CVE-2012-4077 264 Exec Code +Priv 2013-10-13 2013-10-23
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651.
28 CVE-2012-4076 20 Exec Code +Priv 2013-10-13 2013-10-23
6.8
None Local Low Single system Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in a command that calls the system library function, aka Bug IDs CSCtf23559 and CSCtf27780.
29 CVE-2012-4075 78 Exec Code +Priv 2013-10-05 2013-10-23
7.2
None Local Low Not required Complete Complete Complete
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via shell metacharacters in unspecified command parameters, aka Bug IDs CSCtf19827 and CSCtf27788.
30 CVE-2012-1313 264 +Priv 2013-09-27 2013-10-10
6.5
None Local Low Multiple systems Complete Complete Complete
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.