ID
VAR-201305-0158
CVE
CVE-2013-1224
TITLE
Cisco Unified Customer Voice Portal of Resource Manager Vulnerable to directory traversal
Trust: 0.8
sources:
JVNDB: JVNDB-2013-002615
DESCRIPTION
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369. A remote attacker can use directory-traversal strings to modify arbitrary system files in the context of the affected application. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCub38369
Trust: 1.98
sources:
NVD: CVE-2013-1224 //
JVNDB: JVNDB-2013-002615 //
BID: 59743 //
VULHUB: VHN-61226
AFFECTED PRODUCTS
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 7.0 | Trust: 1.9 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 4.0 | Trust: 1.9 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 9.0 | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 3.0 | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 8.5\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 8.0\(1\) | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 7.0\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 4.0\(2\) | Trust: 1.6 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 4.1 | Trust: 1.3 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 3.6\(10\) | Trust: 1.0 |
| vendor: | cisco | model: | unified customer voice portal | scope: | lte | version: | 9.0\(1\) | Trust: 1.0 |
| vendor: | cisco | model: | unified customer voice portal | scope: | lt | version: | 9.0.1 es 11 | Trust: 0.8 |
| vendor: | cisco | model: | unified customer voice portal | scope: | eq | version: | 7.0(1) | Trust: 0.3 |
| vendor: | cisco | model: | unified customer voice portal 4.1 es11 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | unified customer voice portal 4.0 es14 | scope: | - | version: | - | Trust: 0.3 |
sources:
BID: 59743 //
JVNDB: JVNDB-2013-002615 //
CNNVD: CNNVD-201305-184 //
NVD: CVE-2013-1224
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
VULHUB: VHN-61226 //
JVNDB: JVNDB-2013-002615 //
CNNVD: CNNVD-201305-184 //
NVD: CVE-2013-1224
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
sources:
VULHUB: VHN-61226 //
JVNDB: JVNDB-2013-002615 //
NVD: CVE-2013-1224
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201305-184
TYPE
path traversal
Trust: 0.6
sources:
CNNVD: CNNVD-201305-184
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-002615
PATCH
| title: | 28982 | url: | http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28982 | Trust: 0.8 |
| title: | cisco-sa-20130508-cvp | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp | Trust: 0.8 |
| title: | 29158 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=29158 | Trust: 0.8 |
| title: | cisco-sa-20130508-cvp | url: | http://www.cisco.com/cisco/web/support/JP/111/1117/1117965_cisco-sa-20130508-cvp-j.html | Trust: 0.8 |
sources:
JVNDB: JVNDB-2013-002615
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-1224 | Trust: 2.8 |
| db: | BID | id: | 59743 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-002615 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201305-184 | Trust: 0.7 |
| db: | SECUNIA | id: | 53306 | Trust: 0.6 |
| db: | CISCO | id: | 20130508 MULTIPLE VULNERABILITIES IN CISCO UNIFIED CUSTOMER VOICE PORTAL SOFTWARE | Trust: 0.6 |
| db: | VULHUB | id: | VHN-61226 | Trust: 0.1 |
sources:
VULHUB: VHN-61226 //
BID: 59743 //
JVNDB: JVNDB-2013-002615 //
CNNVD: CNNVD-201305-184 //
NVD: CVE-2013-1224
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130508-cvp | Trust: 2.0 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1224 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1224 | Trust: 0.8 |
| url: | http://secunia.com/advisories/53306 | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/59743 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/sw/custcosw/ps1006/index.html | Trust: 0.3 |
sources:
VULHUB: VHN-61226 //
BID: 59743 //
JVNDB: JVNDB-2013-002615 //
CNNVD: CNNVD-201305-184 //
NVD: CVE-2013-1224
CREDITS
Alex Senkevitch
Trust: 0.9
sources:
BID: 59743 //
CNNVD: CNNVD-201305-184
SOURCES
| db: | VULHUB | id: | VHN-61226 |
| db: | BID | id: | 59743 |
| db: | JVNDB | id: | JVNDB-2013-002615 |
| db: | CNNVD | id: | CNNVD-201305-184 |
| db: | NVD | id: | CVE-2013-1224 |
LAST UPDATE DATE
2024-11-23T22:02:23.911000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-61226 | date: | 2013-07-08T00:00:00 |
| db: | BID | id: | 59743 | date: | 2013-05-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-002615 | date: | 2013-07-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201305-184 | date: | 2013-05-10T00:00:00 |
| db: | NVD | id: | CVE-2013-1224 | date: | 2024-11-21T01:49:08.850 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-61226 | date: | 2013-05-09T00:00:00 |
| db: | BID | id: | 59743 | date: | 2013-05-08T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-002615 | date: | 2013-05-10T00:00:00 |
| db: | CNNVD | id: | CNNVD-201305-184 | date: | 2013-05-09T00:00:00 |
| db: | NVD | id: | CVE-2013-1224 | date: | 2013-05-09T12:31:19.227 |