CVE-2013-1196: Input Validation
First published: Mon Apr 29 2013(Updated: )
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Application Networking Manager | ||
| Cisco Context Directory Agent | ||
| Cisco Identity Services Engine | ||
| Cisco Network Services Manager | ||
| Cisco Prime Collaboration | ||
| Cisco Prime Data Center Network Manager (DCNM) | ||
| Cisco Prime LAN Management Solution | ||
| Cisco Prime Network Control System Software | ||
| Cisco Quad | ||
| Cisco Secure Access Control System | ||
| Cisco Unified Provisioning Manager |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-1196?
CVE-2013-1196 is classified as a high severity vulnerability due to its potential to allow unauthorized access to sensitive information.
Which Cisco products are affected by CVE-2013-1196?
CVE-2013-1196 affects multiple Cisco products including Cisco Secure Access Control System, Identity Services Engine Software, and Prime Network Control System.
How do I fix CVE-2013-1196?
To fix CVE-2013-1196, it is recommended to upgrade to the patched versions of the affected Cisco software as provided in security advisories.
What type of attack can CVE-2013-1196 enable?
CVE-2013-1196 can enable attackers to exploit gaps in the command-line interface, potentially gaining unauthorized administrative access.
Is there a workaround for CVE-2013-1196?
While there is no official workaround for CVE-2013-1196, implementing strict access controls and monitoring can help mitigate risks.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco application networking manager
- canonical/cisco context directory agent
- canonical/cisco identity services engine
- canonical/cisco network services manager
- canonical/cisco prime collaboration
- canonical/cisco prime data center network manager (dcnm)
- canonical/cisco prime lan management solution
- canonical/cisco prime network control system software
- canonical/cisco quad
- canonical/cisco secure access control system
- canonical/cisco unified provisioning manager