Details of VAR-201307-0232

ID

VAR-201307-0232

CVE

CVE-2013-3403

TITLE

Cisco Unified Communications Manager Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-003445

DESCRIPTION

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454. Vendors have confirmed this vulnerability Bug ID CSCuh73454 It is released as. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. Local attackers can exploit these issues to gain elevated privileges. Successful exploits will result in the complete compromise of affected computers. This issue is being tracked by Cisco Bug IDs CSCuh73454 and CSCuh87042. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3403 // JVNDB: JVNDB-2013-003445 // BID: 61291 // VULHUB: VHN-63405

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.3
vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.1\(a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(x) to 9.1(1a)	Trust: 0.8
vendor:	cisco	model:	unified communications manager 8.0 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(0.98000.106)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3

sources: BID: 61291 // JVNDB: JVNDB-2013-003445 // CNNVD: CNNVD-201307-398 // NVD: CVE-2013-3403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3403
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3403
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-398
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63405
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3403
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63405
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63405 // JVNDB: JVNDB-2013-003445 // CNNVD: CNNVD-201307-398 // NVD: CVE-2013-3403

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2013-003445 // NVD: CVE-2013-3403

THREAT TYPE

local

Trust: 0.9

sources: BID: 61291 // CNNVD: CNNVD-201307-398

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201307-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003445

PATCH

title:	29846	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29846	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm	Trust: 0.8
title:	30042	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30042	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118531_cisco-sa-20130717-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003445

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3403	Trust: 2.8
db:	SECUNIA	id:	54249	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003445	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-398	Trust: 0.7
db:	CISCO	id:	20130717 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	BID	id:	61291	Trust: 0.4
db:	VULHUB	id:	VHN-63405	Trust: 0.1

sources: VULHUB: VHN-63405 // BID: 61291 // JVNDB: JVNDB-2013-003445 // CNNVD: CNNVD-201307-398 // NVD: CVE-2013-3403

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-cucm	Trust: 2.0
url:	http://secunia.com/advisories/54249	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3403	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3403	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30042	Trust: 0.3
url:	https://www.sstic.org/media/sstic2013/sstic-actes/2013_pres_courte_voip/sstic2013-slides-2013_pres_courte_voip-cisco.pdf	Trust: 0.3

sources: VULHUB: VHN-63405 // BID: 61291 // JVNDB: JVNDB-2013-003445 // CNNVD: CNNVD-201307-398 // NVD: CVE-2013-3403

CREDITS

This issue was disclosed by Lexfo security firm during the SSTIC 2013 IT security conference.

Trust: 0.3

sources: BID: 61291

SOURCES

db:	VULHUB	id:	VHN-63405
db:	BID	id:	61291
db:	JVNDB	id:	JVNDB-2013-003445
db:	CNNVD	id:	CNNVD-201307-398
db:	NVD	id:	CVE-2013-3403

LAST UPDATE DATE

2024-08-14T14:28:02.786000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63405	date:	2013-08-20T00:00:00
db:	BID	id:	61291	date:	2015-03-19T09:30:00
db:	JVNDB	id:	JVNDB-2013-003445	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-398	date:	2013-07-29T00:00:00
db:	NVD	id:	CVE-2013-3403	date:	2013-08-20T03:23:32.587

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63405	date:	2013-07-18T00:00:00
db:	BID	id:	61291	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003445	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-398	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3403	date:	2013-07-18T12:48:56.940