Details of VAR-201305-0114

ID

VAR-201305-0114

CVE

CVE-2013-1240

TITLE

Cisco Unified Communications Manager Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2013-002565

DESCRIPTION

The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770. Vendors have confirmed this vulnerability Bug ID CSCue25770 It is released as.An arbitrary file may be read by a local user. Cisco Unified Communications Manager is a call processing component in the Cisco IP Telephony solution. An attacker can exploit a vulnerability to read arbitrary files and obtain sensitive information. This can lead to further attacks. This issue is documented by the Cisco bug ID's CSCue25770, CSCuh00765 and CSCun74412

Trust: 2.52

sources: NVD: CVE-2013-1240 // JVNDB: JVNDB-2013-002565 // CNVD: CNVD-2013-05138 // BID: 59651 // VULHUB: VHN-61242

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-05138

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.8

sources: CNVD: CNVD-2013-05138 // JVNDB: JVNDB-2013-002565 // CNNVD: CNNVD-201305-090 // NVD: CVE-2013-1240

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1240
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1240
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-05138
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201305-090
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61242
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1240
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-05138
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-61242
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-05138 // VULHUB: VHN-61242 // JVNDB: JVNDB-2013-002565 // CNNVD: CNNVD-201305-090 // NVD: CVE-2013-1240

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61242 // JVNDB: JVNDB-2013-002565 // NVD: CVE-2013-1240

THREAT TYPE

local

Trust: 0.9

sources: BID: 59651 // CNNVD: CNNVD-201305-090

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201305-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002565

PATCH

title:	Cisco Unified Communications Manager Arbitrary File Read Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1240	Trust: 0.8
title:	29216	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29216	Trust: 0.8

sources: JVNDB: JVNDB-2013-002565

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1240	Trust: 3.4
db:	BID	id:	59651	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002565	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-090	Trust: 0.7
db:	CNVD	id:	CNVD-2013-05138	Trust: 0.6
db:	CISCO	id:	20130503 CISCO UNIFIED COMMUNICATIONS MANAGER ARBITRARY FILE READ VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61242	Trust: 0.1

sources: CNVD: CNVD-2013-05138 // VULHUB: VHN-61242 // BID: 59651 // JVNDB: JVNDB-2013-002565 // CNNVD: CNNVD-201305-090 // NVD: CVE-2013-1240

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1240	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1240	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1240	Trust: 0.8
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: CNVD: CNVD-2013-05138 // VULHUB: VHN-61242 // BID: 59651 // JVNDB: JVNDB-2013-002565 // CNNVD: CNNVD-201305-090 // NVD: CVE-2013-1240

CREDITS

Cisco

Trust: 0.3

sources: BID: 59651

SOURCES

db:	CNVD	id:	CNVD-2013-05138
db:	VULHUB	id:	VHN-61242
db:	BID	id:	59651
db:	JVNDB	id:	JVNDB-2013-002565
db:	CNNVD	id:	CNNVD-201305-090
db:	NVD	id:	CVE-2013-1240

LAST UPDATE DATE

2024-11-23T23:09:59.846000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-05138	date:	2013-05-13T00:00:00
db:	VULHUB	id:	VHN-61242	date:	2013-05-06T00:00:00
db:	BID	id:	59651	date:	2014-05-02T04:00:00
db:	JVNDB	id:	JVNDB-2013-002565	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-090	date:	2013-05-06T00:00:00
db:	NVD	id:	CVE-2013-1240	date:	2024-11-21T01:49:10.357

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-05138	date:	2013-05-13T00:00:00
db:	VULHUB	id:	VHN-61242	date:	2013-05-04T00:00:00
db:	BID	id:	59651	date:	2013-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-002565	date:	2013-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201305-090	date:	2013-05-06T00:00:00
db:	NVD	id:	CVE-2013-1240	date:	2013-05-04T03:24:41.737