CVE-2013-5493

The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 3.1 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/97239
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5493	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=30777	Vendor Advisory
http://www.securitytracker.com/id/1029032

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:cisco:virtualization_experience_client_6000:-:::::::*
	cpe:2.3:o:cisco:virtualization_experience_client_6000_series_firmware:-:::::::*

History

No history.

Information

Published : 2013-09-13 14:10

Updated : 2024-02-28 12:00

NVD link : CVE-2013-5493

Mitre link : CVE-2013-5493

CVE.ORG link : CVE-2013-5493

JSON object : View

Products Affected

cisco

virtualization_experience_client_6000_series_firmware
virtualization_experience_client_6000

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-5493", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-13T14:10:27.543", "references": [{"url": "http://osvdb.org/97239", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5493", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30777", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1029032", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407."}, {"lang": "es", "value": "El m\u00f3dulo de diagn\u00f3stico en el firmware de dispositivos de Cisco Virtualization Experience Client 6000 permite a usuarios locales evitar restricciones de acceso establecidas y ejectuar comandos arbitrarios a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCug68407."}], "lastModified": "2013-10-22T18:54:53.617", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:virtualization_experience_client_6000:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BBC9579-70A3-4D38-A65A-10FDE5D35099"}, {"criteria": "cpe:2.3:o:cisco:virtualization_experience_client_6000_series_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47B6132B-C2FA-4003-AB42-09CB174E4856"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}