Details of VAR-201307-0220

ID

VAR-201307-0220

CVE

CVE-2013-3433

TITLE

Cisco Unified Communications Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-003450

DESCRIPTION

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. Vendors have confirmed this vulnerability Bug ID CSCui02276 It is released as. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. Local attackers can exploit this issue to gain elevated privileges. Successful exploits will result in the complete compromise of affected computers. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3433 // JVNDB: JVNDB-2013-003450 // BID: 61297 // VULHUB: VHN-63435

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.1\(a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.3
vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(x) to 9.1(1a)	Trust: 0.8
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1a\)	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(0.98000.106)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3

sources: BID: 61297 // JVNDB: JVNDB-2013-003450 // CNNVD: CNNVD-201307-403 // NVD: CVE-2013-3433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3433
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3433
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-403
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63435
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3433
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63435
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63435 // JVNDB: JVNDB-2013-003450 // CNNVD: CNNVD-201307-403 // NVD: CVE-2013-3433

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-003450 // NVD: CVE-2013-3433

THREAT TYPE

local

Trust: 0.9

sources: BID: 61297 // CNNVD: CNNVD-201307-403

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201307-403

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003450

PATCH

title:	29846	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29846	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm	Trust: 0.8
title:	30098	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30098	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118531_cisco-sa-20130717-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003450

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3433	Trust: 2.8
db:	BID	id:	61297	Trust: 1.4
db:	OSVDB	id:	95404	Trust: 1.1
db:	SECUNIA	id:	54249	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003450	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-403	Trust: 0.7
db:	CISCO	id:	20130717 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	VULHUB	id:	VHN-63435	Trust: 0.1

sources: VULHUB: VHN-63435 // BID: 61297 // JVNDB: JVNDB-2013-003450 // CNNVD: CNNVD-201307-403 // NVD: CVE-2013-3433

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-cucm	Trust: 1.7
url:	http://www.securityfocus.com/bid/61297	Trust: 1.1
url:	http://osvdb.org/95404	Trust: 1.1
url:	http://secunia.com/advisories/54249	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3433	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3433	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-63435 // BID: 61297 // JVNDB: JVNDB-2013-003450 // CNNVD: CNNVD-201307-403 // NVD: CVE-2013-3433

CREDITS

This issue was disclosed by Lexfo security firm during the SSTIC 2013 IT security conference.

Trust: 0.3

sources: BID: 61297

SOURCES

db:	VULHUB	id:	VHN-63435
db:	BID	id:	61297
db:	JVNDB	id:	JVNDB-2013-003450
db:	CNNVD	id:	CNNVD-201307-403
db:	NVD	id:	CVE-2013-3433

LAST UPDATE DATE

2024-08-14T14:28:02.657000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63435	date:	2017-11-18T00:00:00
db:	BID	id:	61297	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003450	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-403	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3433	date:	2017-11-18T02:29:00.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63435	date:	2013-07-18T00:00:00
db:	BID	id:	61297	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003450	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-403	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3433	date:	2013-07-18T12:48:56.977