Improper input validation in Cisco Adaptive_security_appliance_device_manager

CVE-2013-1192

The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-man…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.008 (75.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Adaptive_security_appliance_device_manager — versions 5.0.1, 5.0.2, 5.0.4
Cisco Mds_9000
Cisco Nexus_5000
Cisco Nexus_5010
Cisco Nexus_5010p_switch
Cisco Nexus_5020
Cisco Nexus_5020p_switch
Cisco Nexus_5548p
Cisco Nexus_5548up
Cisco Nexus_5596up

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20130424 Cisco Device Manager Command Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)