CVE-2013-1192: Input Validation
First published: Thu Apr 25 2013(Updated: )
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Adaptive Security Device Manager | <=5.2.5 | |
| Cisco Adaptive Security Device Manager | =5.0.1 | |
| Cisco Adaptive Security Device Manager | =5.0.2 | |
| Cisco Adaptive Security Device Manager | =5.0.4 | |
| Cisco Adaptive Security Device Manager | =5.0.5 | |
| Cisco Adaptive Security Device Manager | =5.0.6 | |
| Cisco Adaptive Security Device Manager | =5.0.7 | |
| Cisco Adaptive Security Device Manager | =5.0.8 | |
| Cisco Adaptive Security Device Manager | =5.0.9 | |
| Cisco Adaptive Security Device Manager | =5.1.1 | |
| Cisco Adaptive Security Device Manager | =5.1.2 | |
| Cisco Adaptive Security Device Manager | =5.2.1 | |
| Cisco Adaptive Security Device Manager | =5.2.2 | |
| Cisco Adaptive Security Device Manager | =5.2.3 | |
| Cisco Adaptive Security Device Manager | =5.2.4 | |
| Cisco Nexus 5000 firmware | ||
| Cisco Nexus 5010 | ||
| Cisco Nexus 5010 | ||
| Cisco Nexus 5020 | ||
| Cisco Nexus 5020p Switch | ||
| Cisco Nexus 5548P Firmware | ||
| Cisco Nexus 5548UP Firmware | ||
| Cisco Nexus 5596UP Firmware | ||
| Cisco MDS 9000 Series Multilayer Switches |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-1192?
CVE-2013-1192 is rated as high severity due to the potential for remote code execution on affected systems.
How do I fix CVE-2013-1192?
To mitigate CVE-2013-1192, upgrade the Cisco Device Manager to a version that is 5.2.8 or later.
Which Cisco products are affected by CVE-2013-1192?
CVE-2013-1192 affects the Cisco Device Manager for Cisco MDS 9000 and Cisco Nexus 5000 devices prior to version 5.2.8.
What type of attacks can leverage CVE-2013-1192?
Attackers can exploit CVE-2013-1192 to execute arbitrary commands on Windows client machines via a malicious JNLP file.
Are there any specific versions of Cisco Device Manager affected by CVE-2013-1192?
Yes, all versions of Cisco Device Manager below 5.2.8, including versions 5.0.1 through 5.2.4, are affected by CVE-2013-1192.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco adaptive security device manager
- version/cisco adaptive security device manager/5.2.5
- version/cisco adaptive security device manager/5.0.1
- version/cisco adaptive security device manager/5.0.2
- version/cisco adaptive security device manager/5.0.4
- version/cisco adaptive security device manager/5.0.5
- version/cisco adaptive security device manager/5.0.6
- version/cisco adaptive security device manager/5.0.7
- version/cisco adaptive security device manager/5.0.8
- version/cisco adaptive security device manager/5.0.9
- version/cisco adaptive security device manager/5.1.1
- version/cisco adaptive security device manager/5.1.2
- version/cisco adaptive security device manager/5.2.1
- version/cisco adaptive security device manager/5.2.2
- version/cisco adaptive security device manager/5.2.3
- version/cisco adaptive security device manager/5.2.4
- canonical/cisco nexus 5000 firmware
- canonical/cisco nexus 5010
- canonical/cisco nexus 5020
- canonical/cisco nexus 5020p switch
- canonical/cisco nexus 5548p firmware
- canonical/cisco nexus 5548up firmware
- canonical/cisco nexus 5596up firmware
- canonical/cisco mds 9000 series multilayer switches