ID

VAR-201307-0199


CVE

CVE-2013-3412


TITLE

Cisco Unified Communications Manager In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003449

DESCRIPTION

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCuh81766. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3412 // JVNDB: JVNDB-2013-003449 // BID: 61295 // VULHUB: VHN-63414

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:8.5

Trust: 1.9

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:9.1.1\(a\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(1\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)su3

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)su5

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)su4

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)su1

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(1a\)

Trust: 1.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.6

Trust: 1.3

vendor:ciscomodel:unified communications manager 7.1scope: - version: -

Trust: 1.2

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3b\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2a\)su2

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2a\)su3

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(3a\)su3

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(2b\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3b\)su2

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(2a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su6

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(2b\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3b\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(2b\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(2c\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su5

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(3a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(4\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su4

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.5\(1\)su2

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(3a\)su2

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(2\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2a\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5\)su1a

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3a\)su1a

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(2\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(3\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(3a\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su3

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(2a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\(1\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\(2\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su1a

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3a\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(5b\)su2

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.6\(3\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0\(2c\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:9.0\(1\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(3a\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:7.1\(2a\)su1

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:8.0

Trust: 1.0

vendor:ciscomodel:unified communications manager 7.1 su1scope: - version: -

Trust: 0.9

vendor:ciscomodel:unified communications managerscope:eqversion:7.1(x) to 9.1(2)

Trust: 0.8

vendor:ciscomodel:unified communications manager 7.1 su1ascope: - version: -

Trust: 0.6

vendor:ciscomodel:unified communications manager 7.1 su2scope: - version: -

Trust: 0.6

vendor:ciscomodel:unified communications manager 8.0scope: - version: -

Trust: 0.6

vendor:ciscomodel:unified communications manager 8.0 su1scope: - version: -

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:8.6.3

Trust: 0.3

vendor:ciscomodel:unified communications manager 8.0 su3scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.1 su5scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 8.5 su2scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:8.0(3)

Trust: 0.3

vendor:ciscomodel:unified communications manager 8.6 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 8.0 su2scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.1 su3scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1(5)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:8.0(1)

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:8.5(1)

Trust: 0.3

vendor:ciscomodel:unified communications manager 7.1 su4scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications manager 8.5 su1scope: - version: -

Trust: 0.3

vendor:ciscomodel:unified communications managerscope:eqversion:7.1(3)

Trust: 0.3

sources: BID: 61295 // JVNDB: JVNDB-2013-003449 // CNNVD: CNNVD-201307-402 // NVD: CVE-2013-3412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3412
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3412
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-402
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63414
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3412
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63414
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63414 // JVNDB: JVNDB-2013-003449 // CNNVD: CNNVD-201307-402 // NVD: CVE-2013-3412

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-63414 // JVNDB: JVNDB-2013-003449 // NVD: CVE-2013-3412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-402

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-402

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003449

PATCH

title:29846url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29846

Trust: 0.8

title:cisco-sa-20130717-cucmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm

Trust: 0.8

title:30043url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30043

Trust: 0.8

title:cisco-sa-20130717-cucmurl:http://www.cisco.com/cisco/web/support/JP/111/1118/1118531_cisco-sa-20130717-cucm-j.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-003449

EXTERNAL IDS

db:NVDid:CVE-2013-3412

Trust: 2.8

db:SECUNIAid:54249

Trust: 1.1

db:JVNDBid:JVNDB-2013-003449

Trust: 0.8

db:CNNVDid:CNNVD-201307-402

Trust: 0.7

db:CISCOid:20130717 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER

Trust: 0.6

db:BIDid:61295

Trust: 0.4

db:VULHUBid:VHN-63414

Trust: 0.1

sources: VULHUB: VHN-63414 // BID: 61295 // JVNDB: JVNDB-2013-003449 // CNNVD: CNNVD-201307-402 // NVD: CVE-2013-3412

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-cucm

Trust: 1.7

url:http://secunia.com/advisories/54249

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3412

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3412

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-63414 // BID: 61295 // JVNDB: JVNDB-2013-003449 // CNNVD: CNNVD-201307-402 // NVD: CVE-2013-3412

CREDITS

Lexfo

Trust: 0.3

sources: BID: 61295

SOURCES

db:VULHUBid:VHN-63414
db:BIDid:61295
db:JVNDBid:JVNDB-2013-003449
db:CNNVDid:CNNVD-201307-402
db:NVDid:CVE-2013-3412

LAST UPDATE DATE

2024-08-14T14:28:02.753000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-63414date:2013-08-20T00:00:00
db:BIDid:61295date:2013-07-19T16:43:00
db:JVNDBid:JVNDB-2013-003449date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-402date:2013-07-22T00:00:00
db:NVDid:CVE-2013-3412date:2013-08-20T03:23:33.043

SOURCES RELEASE DATE

db:VULHUBid:VHN-63414date:2013-07-18T00:00:00
db:BIDid:61295date:2013-07-17T00:00:00
db:JVNDBid:JVNDB-2013-003449date:2013-07-22T00:00:00
db:CNNVDid:CNNVD-201307-402date:2013-07-22T00:00:00
db:NVDid:CVE-2013-3412date:2013-07-18T12:48:56.967