CVE-2013-1192
published 2013-04-25CVE-2013-1192: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to…
PriorityP355critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
2.41%
82.0th percentile
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | adaptive_security_appliance_device_manager | <= 5.2.5 | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | adaptive_security_appliance_device_manager | — | — |
| cisco | device_manager | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_cisco9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Device Manager Command Execution Vulnerability
vendor_cisco·2013-04-24·CVSS 9.3
CVE-2013-1192 [CRITICAL] CWE-20 Cisco Device Manager Command Execution Vulnerability
Cisco Device Manager Command Execution Vulnerability
Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches when it is installed or launched via the Java Network Launch Protocol (JNLP) on a host running Microsoft Windows.
Cisco Device Manager installed or launched from Cisco Prime Data Center Network Manager (DCNM) or Cisco Fabric Manager is not affected. This vulnerability can only be exploited if the JNLP file is executed on systems running Microsoft Windows. The vulnerability affects the confidentiality, integrity, and availability of the client host
Cisco
Cisco Device Manager Command Execution Vulnerability
vendor_cisco
CVE-2013-1192 Cisco Device Manager Command Execution Vulnerability
CVE-2013-1192: Cisco Device Manager Command Execution Vulnerability
Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches when it is installed or launched via the Java Network Launch Protocol (JNLP) on a host running Microsoft Windows. Cisco Device Manager installed or launched from Cisco Prime Data Center Network Manager (DCNM) or Cisco Fabric Manager is not affected. This vulnerability can only be exploited if the JNLP file is executed on systems running Microsoft Windows. The vulnerability affects the confidentiality, integrity, and availability of th
GHSA
GHSA-7pm6-cf6j-6prc: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5
ghsa_unreviewed·2022-05-14
CVE-2013-1192 [HIGH] CWE-20 GHSA-7pm6-cf6j-6prc: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5
The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-04-25
Published