CVE-2013-1192 — Improper Input Validation in Cisco Adaptive Security Appliance Device Manager

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

0.8%

top 25.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Device Manager

Timeline

PublishedApr 25

Latest updateMay 14

Description

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, aka Bug IDs CSCty17417 and CSCty10802.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/adaptive_security_appliance_device_manager5.2.5+14

🔴Vulnerability Details

GHSA

GHSA-7pm6-cf6j-6prc: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5↗2022-05-14

▶

CVEList

CVE-2013-1192: The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5↗2013-04-25

▶

📋Vendor Advisories

Cisco

Cisco Device Manager Command Execution Vulnerability↗2013-04-24

▶