ID

VAR-201308-0093


CVE

CVE-2013-3450


TITLE

Cross-site request forgery vulnerability in the User WebDialer page of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2013-003641

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the User WebDialer page in Cisco Unified Communications Manager (Unified CM) allows remote attackers to hijack the authentication of arbitrary users for requests that dial calls, aka Bug ID CSCui13028. The vendor has confirmed this vulnerability and released it as Bug ID CSCui13028. A third party could hijack the authentication of any user and dial out. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug ID CSCui13028. Unified CM provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A remote attacker can exploit this vulnerability to hijack the authentication of any user's call request.

Trust: 1.98

sources: NVD: CVE-2013-3450 // JVNDB: JVNDB-2013-003641 // BID: 61601 // VULHUB: VHN-63452

AFFECTED PRODUCTS

vendor: cisco // model: unified communications manager // scope: eq // version: *

Trust: 1.0

vendor: cisco // model: unified communications manager // scope: lte // version: 9.1

Trust: 0.8

vendor: cisco // model: unified communications manager // scope: - // version: -

Trust: 0.6

vendor: cisco // model: unified communications manager // scope: eq // version: 9.1

Trust: 0.3

vendor: cisco // model: unified communications manager // scope: eq // version: 9.0

Trust: 0.3

vendor: cisco // model: unified communications manager // scope: eq // version: 8.6

Trust: 0.3

vendor: cisco // model: unified communications manager // scope: eq // version: 8.5

Trust: 0.3

sources: BID: 61601 // JVNDB: JVNDB-2013-003641 // CNNVD: CNNVD-201308-044 // NVD: CVE-2013-3450

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3450
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3450
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-044
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63452
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3450
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63452
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63452 // JVNDB: JVNDB-2013-003641 // CNNVD: CNNVD-201308-044 // NVD: CVE-2013-3450

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-63452 // JVNDB: JVNDB-2013-003641 // NVD: CVE-2013-3450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-044

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201308-044

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003641

PATCH

title: Cisco Unified Communications Manager User Web Dialer Vulnerable to CSRF Attack // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3450

Trust: 0.8

title: 30291 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30291

Trust: 0.8

sources: JVNDB: JVNDB-2013-003641

EXTERNAL IDS

db: NVD // id: CVE-2013-3450

Trust: 2.8

db: BID // id: 61601

Trust: 1.0

db: JVNDB // id: JVNDB-2013-003641

Trust: 0.8

db: CNNVD // id: CNNVD-201308-044

Trust: 0.7

db: CISCO // id: 20130802 CISCO UNIFIED COMMUNICATIONS MANAGER USER WEB DIALER VULNERABLE TO CSRF ATTACK

Trust: 0.6

db: VULHUB // id: VHN-63452

Trust: 0.1

sources: VULHUB: VHN-63452 // BID: 61601 // JVNDB: JVNDB-2013-003641 // CNNVD: CNNVD-201308-044 // NVD: CVE-2013-3450

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3450

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3450

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3450

Trust: 0.8

url:http://www.securityfocus.com/bid/61601

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=30291

Trust: 0.3

url:tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3450

Trust: 0.3

sources: VULHUB: VHN-63452 // BID: 61601 // JVNDB: JVNDB-2013-003641 // CNNVD: CNNVD-201308-044 // NVD: CVE-2013-3450

CREDITS

Cisco

Trust: 0.9

sources: BID: 61601 // CNNVD: CNNVD-201308-044

SOURCES

db: VULHUB // id: VHN-63452
db: BID // id: 61601
db: JVNDB // id: JVNDB-2013-003641
db: CNNVD // id: CNNVD-201308-044
db: NVD // id: CVE-2013-3450

LAST UPDATE DATE

2024-08-14T14:21:17.451000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63452 // date: 2013-08-05T00:00:00
db: BID // id: 61601 // date: 2013-08-02T00:00:00
db: JVNDB // id: JVNDB-2013-003641 // date: 2013-08-06T00:00:00
db: CNNVD // id: CNNVD-201308-044 // date: 2013-08-22T00:00:00
db: NVD // id: CVE-2013-3450 // date: 2013-08-05T13:22:47.910

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63452 // date: 2013-08-05T00:00:00
db: BID // id: 61601 // date: 2013-08-02T00:00:00
db: JVNDB // id: JVNDB-2013-003641 // date: 2013-08-06T00:00:00
db: CNNVD // id: CNNVD-201308-044 // date: 2013-08-22T00:00:00
db: NVD // id: CVE-2013-3450 // date: 2013-08-05T13:22:47.910