ID

VAR-201305-0155


CVE

CVE-2013-1221


TITLE

Arbitrary code execution vulnerability in the Tomcat Web Management feature of Cisco Unified Customer Voice Portal

Trust: 0.8

sources: JVNDB: JVNDB-2013-002612

DESCRIPTION

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384. The vendor has confirmed this vulnerability and released it as Bug ID CSCub38384. A third party may execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request. Cisco Unified Customer Voice Portal is prone to a remote privilege-escalation vulnerability. Attackers can exploit this issue to gain elevated privileges in the context of the affected application. Successful exploits may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCub38384. Versions prior to Unified Customer Voice Portal (CVP) 9.0.1 ES 11 are vulnerable. The vulnerability stems from the fact that the program does not properly configure the Tomcat component.

Trust: 1.98

sources: NVD: CVE-2013-1221 // JVNDB: JVNDB-2013-002612 // BID: 59738 // VULHUB: VHN-61223

AFFECTED PRODUCTS

vendor: cisco, model: unified customer voice portal, scope: eq, version: 9.0

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 3.0

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 8.5(1)

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 8.0(1)

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 3.6(10)

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 7.0(2)

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 4.0(2)

Trust: 1.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 7.0

Trust: 1.3

vendor: cisco, model: unified customer voice portal, scope: eq, version: 4.1

Trust: 1.3

vendor: cisco, model: unified customer voice portal, scope: eq, version: 4.0

Trust: 1.3

vendor: cisco, model: unified customer voice portal, scope: lte, version: 9.0(1)

Trust: 1.0

vendor: cisco, model: unified customer voice portal, scope: lt, version: 9.0.1 es 11

Trust: 0.8

vendor: cisco, model: unified customer voice portal, scope: eq, version: 9.0(1)

Trust: 0.6

vendor: cisco, model: unified customer voice portal, scope: eq, version: 7.0(1)

Trust: 0.3

vendor: cisco, model: unified customer voice portal 4.1 es11, scope: -, version: -

Trust: 0.3

vendor: cisco, model: unified customer voice portal 4.0 es14, scope: -, version: -

Trust: 0.3

sources: BID: 59738 // JVNDB: JVNDB-2013-002612 // CNNVD: CNNVD-201305-189 // NVD: CVE-2013-1221

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1221
value: HIGH

Trust: 1.0

NVD: CVE-2013-1221
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201305-189
value: CRITICAL

Trust: 0.6

VULHUB: VHN-61223
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-1221
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61223
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61223 // JVNDB: JVNDB-2013-002612 // CNNVD: CNNVD-201305-189 // NVD: CVE-2013-1221

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

sources: VULHUB: VHN-61223 // JVNDB: JVNDB-2013-002612 // NVD: CVE-2013-1221

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-189

TYPE

Configuration Error

Trust: 0.9

sources: BID: 59738 // CNNVD: CNNVD-201305-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002612

PATCH

title: 28982, url: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28982

Trust: 0.8

title: cisco-sa-20130508-cvp, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

Trust: 0.8

title: 29155, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=29155

Trust: 0.8

title: cisco-sa-20130508-cvp, url: http://www.cisco.com/cisco/web/support/JP/111/1117/1117965_cisco-sa-20130508-cvp-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-002612

EXTERNAL IDS

db: NVD, id: CVE-2013-1221

Trust: 2.8

db: BID, id: 59738

Trust: 1.0

db: JVNDB, id: JVNDB-2013-002612

Trust: 0.8

db: CNNVD, id: CNNVD-201305-189

Trust: 0.7

db: SECUNIA, id: 53306

Trust: 0.6

db: CISCO, id: 20130508 MULTIPLE VULNERABILITIES IN CISCO UNIFIED CUSTOMER VOICE PORTAL SOFTWARE

Trust: 0.6

db: VULHUB, id: VHN-61223

Trust: 0.1

sources: VULHUB: VHN-61223 // BID: 59738 // JVNDB: JVNDB-2013-002612 // CNNVD: CNNVD-201305-189 // NVD: CVE-2013-1221

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130508-cvp

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1221

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1221

Trust: 0.8

url:http://secunia.com/advisories/53306

Trust: 0.6

url:http://www.securityfocus.com/bid/59738

Trust: 0.6

url:http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html

Trust: 0.3

sources: VULHUB: VHN-61223 // BID: 59738 // JVNDB: JVNDB-2013-002612 // CNNVD: CNNVD-201305-189 // NVD: CVE-2013-1221

CREDITS

Alex Senkevitch

Trust: 0.9

sources: BID: 59738 // CNNVD: CNNVD-201305-189

SOURCES

db: VULHUB, id: VHN-61223
db: BID, id: 59738
db: JVNDB, id: JVNDB-2013-002612
db: CNNVD, id: CNNVD-201305-189
db: NVD, id: CVE-2013-1221

LAST UPDATE DATE

2024-11-23T22:02:23.881000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61223, date: 2013-05-09T00:00:00
db: BID, id: 59738, date: 2013-05-08T00:00:00
db: JVNDB, id: JVNDB-2013-002612, date: 2013-05-10T00:00:00
db: CNNVD, id: CNNVD-201305-189, date: 2013-05-10T00:00:00
db: NVD, id: CVE-2013-1221, date: 2024-11-21T01:49:08.483

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61223, date: 2013-05-09T00:00:00
db: BID, id: 59738, date: 2013-05-08T00:00:00
db: JVNDB, id: JVNDB-2013-002612, date: 2013-05-10T00:00:00
db: CNNVD, id: CNNVD-201305-189, date: 2013-05-09T00:00:00
db: NVD, id: CVE-2013-1221, date: 2013-05-09T12:31:19.173