CVE-2012-6392

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:prime_lan_management_solution:4.1:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:::::::*
	cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:::::::*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms - Vendor Advisory

Information

Published : 2013-01-17 15:55

Updated : 2024-11-21 01:46

NVD link : CVE-2012-6392

Mitre link : CVE-2012-6392

CVE.ORG link : CVE-2012-6392

JSON object : View

Products Affected

linux

linux_kernel

cisco

prime_lan_management_solution

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-6392", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-01-17T15:55:01.563", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779."}, {"lang": "es", "value": "Cisco Prime LAN Management Solution (LMS) v4.1 a v4.2.2 en Linux no valida correctamente las solicitudes de autenticaci\u00f3n y autorizaci\u00f3n en sesiones TCP, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una sesi\u00f3n hecha a mano. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCuc79779."}], "lastModified": "2024-11-21T01:46:04.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54165D6B-BDCB-44DC-B693-C63C858AC9A3"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB2B254E-2206-4516-B39C-AC276859CF5F"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DD8078E-C3EC-4366-B645-2FF8DCF6DA53"}, {"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E329DAC-C618-4DB0-88B7-A2867EA083AC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}