Release date:
Updated on:
Affected Systems:
Cisco Identity Services Engine 1.x
Cisco Context Directory Agent 1.x
Cisco Network Services Manager 5.x
Cisco Prime Collaboration 9.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-1125
Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, the command line interface of Quad, Context Directory Agent, Prime Collaboration, uniied Provisioning Manager, and Network Services Manager does not correctly verify the input, allowing authenticated local users to obtain root shell access permissions.
<* Source: vendor
Link: http://secunia.com/advisories/52268/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-1125) and patches for this:
CVE-2013-1125: Multiple Cisco Product Root Shell Access Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125