Details of VAR-201308-0089

ID

VAR-201308-0089

CVE

CVE-2013-3442

TITLE

Cisco Unified Communications Manager of Web Vulnerability to obtain important stack trace information in the portal

Trust: 0.8

sources: JVNDB: JVNDB-2013-003640

DESCRIPTION

The web portal in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854. Vendors have confirmed this vulnerability Bug ID CSCug34854 It is released as.Remotely authenticated users can obtain important stack trace information. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCug34854. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-3442 // JVNDB: JVNDB-2013-003640 // BID: 61608 // VULHUB: VHN-63444

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 0.3

sources: BID: 61608 // JVNDB: JVNDB-2013-003640 // CNNVD: CNNVD-201308-047 // NVD: CVE-2013-3442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3442
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3442
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-047
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63444
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3442
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63444
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63444 // JVNDB: JVNDB-2013-003640 // CNNVD: CNNVD-201308-047 // NVD: CVE-2013-3442

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-63444 // JVNDB: JVNDB-2013-003640 // NVD: CVE-2013-3442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-047

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201308-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003640

PATCH

title:	Cisco Unified Communications Manager Stack Trace Web Disclosure Issue	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3442	Trust: 0.8
title:	30290	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30290	Trust: 0.8

sources: JVNDB: JVNDB-2013-003640

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3442	Trust: 2.8
db:	BID	id:	61608	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003640	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-047	Trust: 0.7
db:	CISCO	id:	20130802 CISCO UNIFIED COMMUNICATIONS MANAGER STACK TRACE WEB DISCLOSURE ISSUE	Trust: 0.6
db:	VULHUB	id:	VHN-63444	Trust: 0.1

sources: VULHUB: VHN-63444 // BID: 61608 // JVNDB: JVNDB-2013-003640 // CNNVD: CNNVD-201308-047 // NVD: CVE-2013-3442

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3442	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3442	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3442	Trust: 0.8
url:	http://www.securityfocus.com/bid/61608	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30290	Trust: 0.3

sources: VULHUB: VHN-63444 // BID: 61608 // JVNDB: JVNDB-2013-003640 // CNNVD: CNNVD-201308-047 // NVD: CVE-2013-3442

CREDITS

Cisco

Trust: 0.9

sources: BID: 61608 // CNNVD: CNNVD-201308-047

SOURCES

db:	VULHUB	id:	VHN-63444
db:	BID	id:	61608
db:	JVNDB	id:	JVNDB-2013-003640
db:	CNNVD	id:	CNNVD-201308-047
db:	NVD	id:	CVE-2013-3442

LAST UPDATE DATE

2024-08-14T14:58:18.871000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63444	date:	2013-08-05T00:00:00
db:	BID	id:	61608	date:	2013-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2013-003640	date:	2013-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201308-047	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-3442	date:	2013-08-05T13:22:47.897

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63444	date:	2013-08-05T00:00:00
db:	BID	id:	61608	date:	2013-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2013-003640	date:	2013-08-06T00:00:00
db:	CNNVD	id:	CNNVD-201308-047	date:	2013-08-22T00:00:00
db:	NVD	id:	CVE-2013-3442	date:	2013-08-05T13:22:47.897