VIR Vulnerability Intelligence Relay

CVE-2012-6392

critical
Published 2013-01-17 · Modified 2026-04-29
CVSS v3
CVSS v2
10.0
VIR risk
10.0

Description

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-lms

OS impact
OSVersionStatusFixed in
linux linux-kernelnot-affected

Application impact
VendorProductVersionsFixed
ciscoprime_lan_management_solution4.1
ciscoprime_lan_management_solution4.2
ciscoprime_lan_management_solution4.2.1
ciscoprime_lan_management_solution4.2.2

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.