Details of VAR-201307-0233

ID

VAR-201307-0233

CVE

CVE-2013-3404

TITLE

Cisco Unified Communications Manager In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003446

DESCRIPTION

SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051. Vendors have confirmed this vulnerability Bug ID CSCuh01051 It is released as.An authentication information encrypted using metadata by a third party can be broken. SQL The command may be executed. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCuh01051. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3404 // JVNDB: JVNDB-2013-003446 // BID: 61292 // VULHUB: VHN-63406

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.9
vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.1\(a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.6
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(x) to 9.1(1a)	Trust: 0.8
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.0 su1	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1a\)	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6.3	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.6 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(0.98000.106)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.0 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3

sources: BID: 61292 // JVNDB: JVNDB-2013-003446 // CNNVD: CNNVD-201307-399 // NVD: CVE-2013-3404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3404
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3404
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201307-399
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63406
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3404
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63406
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63406 // JVNDB: JVNDB-2013-003446 // CNNVD: CNNVD-201307-399 // NVD: CVE-2013-3404

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-63406 // JVNDB: JVNDB-2013-003446 // NVD: CVE-2013-3404

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-399

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003446

PATCH

title:	29846	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=29846	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm	Trust: 0.8
title:	30039	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30039	Trust: 0.8
title:	cisco-sa-20130717-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1118/1118531_cisco-sa-20130717-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003446

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3404	Trust: 2.8
db:	SECUNIA	id:	54249	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-399	Trust: 0.7
db:	CISCO	id:	20130717 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	BID	id:	61292	Trust: 0.4
db:	VULHUB	id:	VHN-63406	Trust: 0.1

sources: VULHUB: VHN-63406 // BID: 61292 // JVNDB: JVNDB-2013-003446 // CNNVD: CNNVD-201307-399 // NVD: CVE-2013-3404

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130717-cucm	Trust: 2.0
url:	http://secunia.com/advisories/54249	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3404	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3404	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3
url:	https://www.sstic.org/media/sstic2013/sstic-actes/2013_pres_courte_voip/sstic2013-slides-2013_pres_courte_voip-cisco.pdf	Trust: 0.3

sources: VULHUB: VHN-63406 // BID: 61292 // JVNDB: JVNDB-2013-003446 // CNNVD: CNNVD-201307-399 // NVD: CVE-2013-3404

CREDITS

Lexfo

Trust: 0.3

sources: BID: 61292

SOURCES

db:	VULHUB	id:	VHN-63406
db:	BID	id:	61292
db:	JVNDB	id:	JVNDB-2013-003446
db:	CNNVD	id:	CNNVD-201307-399
db:	NVD	id:	CVE-2013-3404

LAST UPDATE DATE

2024-08-14T14:28:02.689000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63406	date:	2013-08-20T00:00:00
db:	BID	id:	61292	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003446	date:	2013-08-05T00:00:00
db:	CNNVD	id:	CNNVD-201307-399	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3404	date:	2013-08-20T03:23:32.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63406	date:	2013-07-18T00:00:00
db:	BID	id:	61292	date:	2013-07-17T00:00:00
db:	JVNDB	id:	JVNDB-2013-003446	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-399	date:	2013-07-22T00:00:00
db:	NVD	id:	CVE-2013-3404	date:	2013-07-18T12:48:56.947