Details of VAR-201307-0231

ID

VAR-201307-0231

CVE

CVE-2013-3402

TITLE

Cisco Unified Communications Manager Vulnerable to arbitrary command execution in unspecified functions

Trust: 0.8

sources: JVNDB: JVNDB-2013-003444

DESCRIPTION

An unspecified function in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary commands via unknown vectors, aka Bug ID CSCuh73440. Vendors have confirmed this vulnerability Bug ID CSCuh73440 It is released as.An arbitrary command may be executed by a remotely authenticated user. Successfully exploiting this issue may allow an attacker to execute arbitrary OS commands with the privileges of the database user in context of the affected application. This issue is being tracked by Cisco bug ID CSCuh73440. Versions prior to Unified Communications Manager 9.1(2) are affected. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3402 // JVNDB: JVNDB-2013-003444 // BID: 61293 // VULHUB: VHN-63404

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.1\(a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(x) to 9.1(2)	Trust: 0.8
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 61293 // JVNDB: JVNDB-2013-003444 // CNNVD: CNNVD-201307-397 // NVD: CVE-2013-3402

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3402
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3402
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-397
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63404
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3402
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63404
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63404 // JVNDB: JVNDB-2013-003444 // CNNVD: CNNVD-201307-397 // NVD: CVE-2013-3402

PROBLEMTYPE DATA

problemtype:

CWE-94

Trust: 1.9

sources: VULHUB: VHN-63404 // JVNDB: JVNDB-2013-003444 // NVD: CVE-2013-3402

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-397

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-397

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003444

PATCH

title:	29846	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29846	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm	Trust: 0.8
title:	30041	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30041	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118531_cisco-sa-20130717-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003444

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3402	Trust: 2.8
db:	SECUNIA	id:	54249	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003444	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-397	Trust: 0.7
db:	CISCO	id:	20130717 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	BID	id:	61293	Trust: 0.4
db:	VULHUB	id:	VHN-63404	Trust: 0.1

sources: VULHUB: VHN-63404 // BID: 61293 // JVNDB: JVNDB-2013-003444 // CNNVD: CNNVD-201307-397 // NVD: CVE-2013-3402

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-cucm	Trust: 1.7
url:	http://secunia.com/advisories/54249	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3402	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3402	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-63404 // BID: 61293 // JVNDB: JVNDB-2013-003444 // CNNVD: CNNVD-201307-397 // NVD: CVE-2013-3402

CREDITS

Lexfo

Trust: 0.3

sources: BID: 61293

SOURCES

db:	VULHUB	id:	VHN-63404
db:	BID	id:	61293
db:	JVNDB	id:	JVNDB-2013-003444
db:	CNNVD	id:	CNNVD-201307-397
db:	NVD	id:	CVE-2013-3402

LAST UPDATE DATE

2024-08-14T14:28:02.722000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63404	date:	2013-08-20T00:00:00
db:	BID	id:	61293	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003444	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-397	date:	2013-07-29T00:00:00
db:	NVD	id:	CVE-2013-3402	date:	2013-08-20T03:23:32.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63404	date:	2013-07-18T00:00:00
db:	BID	id:	61293	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003444	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-397	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3402	date:	2013-07-18T12:48:56.933