ID

VAR-201308-0218


CVE

CVE-2013-3472


TITLE

Cross-site request forgery vulnerability in the Enterprise License Manager of Cisco Unified Communications Manager

Trust: 0.8

sources: JVNDB: JVNDB-2013-003940

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the Enterprise License Manager (ELM) in Cisco Unified Communications Manager (CM) allows remote attackers to hijack the authentication of arbitrary users for requests that make ELM modifications, aka Bug ID CSCui58210. The vendor has confirmed this vulnerability and released it as Bug ID CSCui58210. A third party may hijack the authentication of arbitrary users and make ELM changes. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug IDs CSCui58210 and CSCul33890. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2013-3472 // JVNDB: JVNDB-2013-003940 // BID: 62032 // VULHUB: VHN-63474

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: eq, version: 9.1(1)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.6

sources: JVNDB: JVNDB-2013-003940 // CNNVD: CNNVD-201308-455 // NVD: CVE-2013-3472

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3472
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3472
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-455
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3472
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63474
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63474 // JVNDB: JVNDB-2013-003940 // CNNVD: CNNVD-201308-455 // NVD: CVE-2013-3472

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-63474 // JVNDB: JVNDB-2013-003940 // NVD: CVE-2013-3472

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-455

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201308-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003940

PATCH

title: Cisco Unified Communications Manager Enterprise License Manager CSRF Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3472

Trust: 0.8

title: 30529
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30529

Trust: 0.8

sources: JVNDB: JVNDB-2013-003940

EXTERNAL IDS

db: NVD, id: CVE-2013-3472

Trust: 2.8

db: SECTRACK, id: 1028963

Trust: 1.1

db: BID, id: 62032

Trust: 1.0

db: JVNDB, id: JVNDB-2013-003940

Trust: 0.8

db: CNNVD, id: CNNVD-201308-455

Trust: 0.7

db: CISCO, id: 20130828 CISCO UNIFIED COMMUNICATIONS MANAGER ENTERPRISE LICENSE MANAGER CSRF VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-63474

Trust: 0.1

sources: VULHUB: VHN-63474 // BID: 62032 // JVNDB: JVNDB-2013-003940 // CNNVD: CNNVD-201308-455 // NVD: CVE-2013-3472

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3472

Trust: 1.7

url:http://www.securitytracker.com/id/1028963

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3472

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3472

Trust: 0.8

url:http://www.securityfocus.com/bid/62032

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-63474 // BID: 62032 // JVNDB: JVNDB-2013-003940 // CNNVD: CNNVD-201308-455 // NVD: CVE-2013-3472

CREDITS

Cisco

Trust: 0.9

sources: BID: 62032 // CNNVD: CNNVD-201308-455

SOURCES

db: VULHUB, id: VHN-63474
db: BID, id: 62032
db: JVNDB, id: JVNDB-2013-003940
db: CNNVD, id: CNNVD-201308-455
db: NVD, id: CVE-2013-3472

LAST UPDATE DATE

2024-08-14T15:24:49.175000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-63474, date: 2016-11-04T00:00:00
db: BID, id: 62032, date: 2013-11-15T00:54:00
db: JVNDB, id: JVNDB-2013-003940, date: 2013-09-02T00:00:00
db: CNNVD, id: CNNVD-201308-455, date: 2013-08-30T00:00:00
db: NVD, id: CVE-2013-3472, date: 2016-11-04T19:48:41.547

SOURCES RELEASE DATE

db: VULHUB, id: VHN-63474, date: 2013-08-29T00:00:00
db: BID, id: 62032, date: 2013-08-28T00:00:00
db: JVNDB, id: JVNDB-2013-003940, date: 2013-09-02T00:00:00
db: CNNVD, id: CNNVD-201308-455, date: 2013-08-29T00:00:00
db: NVD, id: CVE-2013-3472, date: 2013-08-29T12:07:54.057