Details of VAR-201310-0509

ID

VAR-201310-0509

CVE

CVE-2013-5526

TITLE

Cisco 9900 Fourth-Generation IP Phone Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2013-004599

DESCRIPTION

Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698. The Cisco Unified IP Phones 9900 is an IP telephony device developed by Cisco. A denial of service vulnerability exists in the Cisco Unified IP Phones 9900 Series. This issue is tracked by Cisco Bug ID CSCuf06698. This product provides voice and video functions. The vulnerability is caused by the program not properly handling SDP packets

Trust: 2.52

sources: NVD: CVE-2013-5526 // JVNDB: JVNDB-2013-004599 // CNVD: CNVD-2013-13656 // BID: 62905 // VULHUB: VHN-65528

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13656

AFFECTED PRODUCTS

vendor:	cisco	model:	unified ip phone 9951	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified ip phone 9971	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	unified ip phone 9971	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified ip phone 9951	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified ip phones series	scope:	eq	version:	9900	Trust: 0.6

sources: CNVD: CNVD-2013-13656 // JVNDB: JVNDB-2013-004599 // CNNVD: CNNVD-201310-150 // NVD: CVE-2013-5526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5526
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-5526
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-13656
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-150
value:	HIGH
Trust: 0.6
VULHUB:	VHN-65528
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-5526
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-13656
severity:	MEDIUM
baseScore:	5.4
vectorString:	AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65528
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-13656 // VULHUB: VHN-65528 // JVNDB: JVNDB-2013-004599 // CNNVD: CNNVD-201310-150 // NVD: CVE-2013-5526

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-65528 // JVNDB: JVNDB-2013-004599 // NVD: CVE-2013-5526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-150

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-150

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004599

PATCH

title:	Cisco Fourth-Generation RT Style IP Phone Crafted SDP Packet Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5526	Trust: 0.8
title:	31200	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31200	Trust: 0.8
title:	Patch for Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40137	Trust: 0.6

sources: CNVD: CNVD-2013-13656 // JVNDB: JVNDB-2013-004599

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5526	Trust: 3.4
db:	BID	id:	62905	Trust: 2.0
db:	SECUNIA	id:	55231	Trust: 1.1
db:	OSVDB	id:	98254	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004599	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-150	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13656	Trust: 0.6
db:	CISCO	id:	20131009 CISCO FOURTH-GENERATION RT STYLE IP PHONE CRAFTED SDP PACKET VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65528	Trust: 0.1

sources: CNVD: CNVD-2013-13656 // VULHUB: VHN-65528 // BID: 62905 // JVNDB: JVNDB-2013-004599 // CNNVD: CNNVD-201310-150 // NVD: CVE-2013-5526

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5526	Trust: 2.3
url:	http://www.securityfocus.com/bid/62905	Trust: 1.1
url:	http://osvdb.org/98254	Trust: 1.1
url:	http://secunia.com/advisories/55231	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5526	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5526	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2013-13656 // VULHUB: VHN-65528 // BID: 62905 // JVNDB: JVNDB-2013-004599 // CNNVD: CNNVD-201310-150 // NVD: CVE-2013-5526

CREDITS

Cisco

Trust: 0.3

sources: BID: 62905

SOURCES

db:	CNVD	id:	CNVD-2013-13656
db:	VULHUB	id:	VHN-65528
db:	BID	id:	62905
db:	JVNDB	id:	JVNDB-2013-004599
db:	CNNVD	id:	CNNVD-201310-150
db:	NVD	id:	CVE-2013-5526

LAST UPDATE DATE

2024-11-23T22:39:04.570000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13656	date:	2013-10-15T00:00:00
db:	VULHUB	id:	VHN-65528	date:	2016-09-22T00:00:00
db:	BID	id:	62905	date:	2013-10-10T19:55:00
db:	JVNDB	id:	JVNDB-2013-004599	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201310-150	date:	2013-10-11T00:00:00
db:	NVD	id:	CVE-2013-5526	date:	2024-11-21T01:57:38.527

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13656	date:	2013-10-12T00:00:00
db:	VULHUB	id:	VHN-65528	date:	2013-10-10T00:00:00
db:	BID	id:	62905	date:	2013-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2013-004599	date:	2013-10-11T00:00:00
db:	CNNVD	id:	CNNVD-201310-150	date:	2013-10-11T00:00:00
db:	NVD	id:	CVE-2013-5526	date:	2013-10-10T10:55:06.723