Details of VAR-201308-0210

ID

VAR-201308-0210

CVE

CVE-2013-3462

TITLE

Cisco Unified Communications Manager Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-003871

DESCRIPTION

Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCud54358. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The following releases are affected: Cisco Unified CM 7.1(x) prior to 7.1(5b)su6, 8.5(x) prior to 8.5(1)su6, 8.6(x) prior to 8.6(2a)su3, 9.1(2 ) prior to 9.x versions

Trust: 1.98

sources: NVD: CVE-2013-3462 // JVNDB: JVNDB-2013-003871 // BID: 61913 // VULHUB: VHN-63464

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.9
vendor:	cisco	model:	unified communications manager 7.1	scope:	-	version:	-	Trust: 1.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager 7.1 su1	scope:	-	version:	-	Trust: 1.5
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.1\(a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)su6	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6(2a)su3	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5b)su6	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	7.1(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	8.5(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	lt	version:	8.6(x)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(2)	Trust: 0.8
vendor:	cisco	model:	unified communications manager 7.1 su2	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 7.1 su1a	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications manager 8.6 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager 7.1 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(5)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(3)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1(2)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1	Trust: 0.3

sources: BID: 61913 // JVNDB: JVNDB-2013-003871 // CNNVD: CNNVD-201308-359 // NVD: CVE-2013-3462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3462
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3462
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-359
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63464
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3462
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2013-3462
severity:	MEDIUM
baseScore:	6.0
vectorString:	AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-63464
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63464 // JVNDB: JVNDB-2013-003871 // CNNVD: CNNVD-201308-359 // NVD: CVE-2013-3462

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-63464 // JVNDB: JVNDB-2013-003871 // NVD: CVE-2013-3462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-359

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201308-359

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003871

PATCH

title:	cisco-sa-20130821-cucm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-cucm	Trust: 0.8
title:	30434	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30434	Trust: 0.8
title:	cisco-sa-20130821-cucm	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119757_cisco-sa-20130821-cucm-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-003871

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3462	Trust: 2.8
db:	SECTRACK	id:	1028938	Trust: 1.1
db:	BID	id:	61913	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003871	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-359	Trust: 0.7
db:	CISCO	id:	20130821 MULTIPLE VULNERABILITIES IN CISCO UNIFIED COMMUNICATIONS MANAGER	Trust: 0.6
db:	VULHUB	id:	VHN-63464	Trust: 0.1

sources: VULHUB: VHN-63464 // BID: 61913 // JVNDB: JVNDB-2013-003871 // CNNVD: CNNVD-201308-359 // NVD: CVE-2013-3462

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130821-cucm	Trust: 1.7
url:	http://www.securitytracker.com/id/1028938	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3462	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3462	Trust: 0.8
url:	http://www.securityfocus.com/bid/61913	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html	Trust: 0.3

sources: VULHUB: VHN-63464 // BID: 61913 // JVNDB: JVNDB-2013-003871 // CNNVD: CNNVD-201308-359 // NVD: CVE-2013-3462

CREDITS

Cisco

Trust: 0.9

sources: BID: 61913 // CNNVD: CNNVD-201308-359

SOURCES

db:	VULHUB	id:	VHN-63464
db:	BID	id:	61913
db:	JVNDB	id:	JVNDB-2013-003871
db:	CNNVD	id:	CNNVD-201308-359
db:	NVD	id:	CVE-2013-3462

LAST UPDATE DATE

2024-08-14T13:58:12.187000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63464	date:	2016-11-07T00:00:00
db:	BID	id:	61913	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003871	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-359	date:	2013-08-27T00:00:00
db:	NVD	id:	CVE-2013-3462	date:	2016-11-07T15:02:02.063

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63464	date:	2013-08-25T00:00:00
db:	BID	id:	61913	date:	2013-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2013-003871	date:	2013-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201308-359	date:	2013-08-26T00:00:00
db:	NVD	id:	CVE-2013-3462	date:	2013-08-25T03:27:32.690