CVE-2013-1125 : The command-line interface in Cisco Identity Services Engine Software, Secure Ac

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.

Published 2013-02-19 23:55:02

Updated 2025-04-11 00:51:22

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-1125

Cisco » Application Networking Manager » Version: N/A
cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Provisioning Manager » Version: N/A
cpe:2.3:a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:*
Matching versions
Cisco » Secure Access Control System » Version: N/A
cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*
Matching versions
Cisco » Identity Services Engine Software » Version: N/A
cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*
Matching versions
Cisco » Prime Lan Management Solution » Version: N/A
cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*
Matching versions
Cisco » Quad » Version: N/A
cpe:2.3:a:cisco:quad:-:*:*:*:*:*:*:*
Matching versions
Cisco » Prime Network Control System » Version: N/A
cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*
Matching versions
Cisco » Context Directory Agent » Version: N/A
cpe:2.3:a:cisco:context_directory_agent:-:*:*:*:*:*:*:*
Matching versions
Cisco » Prime Collaboration » Version: N/A
cpe:2.3:a:cisco:prime_collaboration:-:*:*:*:*:*:*:*
Matching versions
Cisco » Network Services Manager » Version: N/A
cpe:2.3:a:cisco:network_services_manager:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-1125

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1125

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-1125

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1125

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125

Multiple Cisco Product Root Shell Access Vulnerability

Jump to

Vulnerability Details : CVE-2013-1125

Products affected by CVE-2013-1125

Exploit prediction scoring system (EPSS) score for CVE-2013-1125

CVSS scores for CVE-2013-1125

CWE ids for CVE-2013-1125

References for CVE-2013-1125