Details of VAR-201305-0157

ID

VAR-201305-0157

CVE

CVE-2013-1223

TITLE

Cisco Unified Customer Voice Portal Log Viewer Arbitrary File Access Vulnerability

Trust: 0.9

sources: BID: 59741 // CNNVD: CNNVD-201305-186

DESCRIPTION

The log viewer in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly validate an unspecified parameter, which allows remote attackers to read arbitrary files via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38372. Successfully exploiting this issue may allow attackers to read arbitrary files. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCub38372. Versions prior to Unified Customer Voice Portal (CVP) 9.0.1 ES 11 are vulnerable

Trust: 1.98

sources: NVD: CVE-2013-1223 // JVNDB: JVNDB-2013-002614 // BID: 59741 // VULHUB: VHN-61225

AFFECTED PRODUCTS

vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	8.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	3.6\(10\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	7.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	4.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	7.0	Trust: 1.3
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	4.1	Trust: 1.3
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	4.0	Trust: 1.3
vendor:	cisco	model:	unified customer voice portal	scope:	lte	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified customer voice portal	scope:	lt	version:	9.0.1 es 11	Trust: 0.8
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	9.0\(1\)	Trust: 0.6
vendor:	cisco	model:	unified customer voice portal	scope:	eq	version:	7.0(1)	Trust: 0.3
vendor:	cisco	model:	unified customer voice portal 4.1 es11	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified customer voice portal 4.0 es14	scope:	-	version:	-	Trust: 0.3

sources: BID: 59741 // JVNDB: JVNDB-2013-002614 // CNNVD: CNNVD-201305-186 // NVD: CVE-2013-1223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1223
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1223
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201305-186
value:	HIGH
Trust: 0.6
VULHUB:	VHN-61225
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1223
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61225
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61225 // JVNDB: JVNDB-2013-002614 // CNNVD: CNNVD-201305-186 // NVD: CVE-2013-1223

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61225 // JVNDB: JVNDB-2013-002614 // NVD: CVE-2013-1223

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-186

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201305-186

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002614

PATCH

title:	28982	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28982	Trust: 0.8
title:	cisco-sa-20130508-cvp	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp	Trust: 0.8
title:	29157	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29157	Trust: 0.8
title:	cisco-sa-20130508-cvp	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117965_cisco-sa-20130508-cvp-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-002614

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1223	Trust: 2.8
db:	BID	id:	59741	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002614	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-186	Trust: 0.7
db:	SECUNIA	id:	53306	Trust: 0.6
db:	CISCO	id:	20130508 MULTIPLE VULNERABILITIES IN CISCO UNIFIED CUSTOMER VOICE PORTAL SOFTWARE	Trust: 0.6
db:	VULHUB	id:	VHN-61225	Trust: 0.1

sources: VULHUB: VHN-61225 // BID: 59741 // JVNDB: JVNDB-2013-002614 // CNNVD: CNNVD-201305-186 // NVD: CVE-2013-1223

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130508-cvp	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1223	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1223	Trust: 0.8
url:	http://secunia.com/advisories/53306	Trust: 0.6
url:	http://www.securityfocus.com/bid/59741	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html	Trust: 0.3

sources: VULHUB: VHN-61225 // BID: 59741 // JVNDB: JVNDB-2013-002614 // CNNVD: CNNVD-201305-186 // NVD: CVE-2013-1223

CREDITS

Alex Senkevitch

Trust: 0.9

sources: BID: 59741 // CNNVD: CNNVD-201305-186

SOURCES

db:	VULHUB	id:	VHN-61225
db:	BID	id:	59741
db:	JVNDB	id:	JVNDB-2013-002614
db:	CNNVD	id:	CNNVD-201305-186
db:	NVD	id:	CVE-2013-1223

LAST UPDATE DATE

2024-11-23T22:02:23.943000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61225	date:	2013-05-09T00:00:00
db:	BID	id:	59741	date:	2013-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-002614	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-186	date:	2013-05-10T00:00:00
db:	NVD	id:	CVE-2013-1223	date:	2024-11-21T01:49:08.727

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61225	date:	2013-05-09T00:00:00
db:	BID	id:	59741	date:	2013-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-002614	date:	2013-05-10T00:00:00
db:	CNNVD	id:	CNNVD-201305-186	date:	2013-05-09T00:00:00
db:	NVD	id:	CVE-2013-1223	date:	2013-05-09T12:31:19.207