ID

VAR-201310-0515


CVE

CVE-2013-5532


TITLE

Buffer overflow vulnerability in the web-application interface of Cisco 9900 IP phones

Trust: 0.8

sources: JVNDB: JVNDB-2013-004602

DESCRIPTION

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. The Cisco Unified IP Phone 9900 series is a line of IP telephony devices developed by Cisco; the product provides voice and video functions. The vulnerability is due to inadequate filtering of some fields, which allows an attacker to overflow those input fields and cause a denial of service. The series is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. This issue is tracked by Cisco Bug ID CSCuh10343.

Trust: 2.52

sources: NVD: CVE-2013-5532 // JVNDB: JVNDB-2013-004602 // CNVD: CNVD-2013-13703 // BID: 62944 // VULHUB: VHN-65534

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13703

AFFECTED PRODUCTS

vendor: cisco | model: unified ip phones 9900 series | scope: eq | version: -

Trust: 1.6

vendor: cisco | model: unified ip phone 9971 | scope: eq | version: *

Trust: 1.0

vendor: cisco | model: unified ip phone 9951 | scope: eq | version: *

Trust: 1.0

vendor: cisco | model: unified ip phone | scope: eq | version: 9951

Trust: 0.8

vendor: cisco | model: unified ip phone | scope: eq | version: 9971

Trust: 0.8

vendor: cisco | model: unified ip phone 9900 series | scope: lte | version: 9.3.2 sr1

Trust: 0.8

vendor: cisco | model: unified ip phones series | scope: eq | version: 9900

Trust: 0.6

sources: CNVD: CNVD-2013-13703 // JVNDB: JVNDB-2013-004602 // CNNVD: CNNVD-201310-183 // NVD: CVE-2013-5532

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5532
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5532
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13703
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-183
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65534
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5532
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13703
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65534
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13703 // VULHUB: VHN-65534 // JVNDB: JVNDB-2013-004602 // CNNVD: CNNVD-201310-183 // NVD: CVE-2013-5532

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65534 // JVNDB: JVNDB-2013-004602 // NVD: CVE-2013-5532

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-183

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-183

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004602

PATCH

title: Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability | url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5532

Trust: 0.8

title: 31213 | url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31213

Trust: 0.8

title: Patch for Cisco Unified IP Phones 9900 Series webapp Remote Buffer Overflow Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/40206

Trust: 0.6

sources: CNVD: CNVD-2013-13703 // JVNDB: JVNDB-2013-004602

EXTERNAL IDS

db: NVD | id: CVE-2013-5532

Trust: 3.4

db: BID | id: 62944

Trust: 2.0

db: OSVDB | id: 98338

Trust: 1.1

db: SECUNIA | id: 55275

Trust: 1.1

db: JVNDB | id: JVNDB-2013-004602

Trust: 0.8

db: CNNVD | id: CNNVD-201310-183

Trust: 0.7

db: CNVD | id: CNVD-2013-13703

Trust: 0.6

db: CISCO | id: 20131010 CISCO 9900 SERIES PHONE WEBAPP BUFFER OVERFLOW VULNERABILITY

Trust: 0.6

db: VULHUB | id: VHN-65534

Trust: 0.1

sources: CNVD: CNVD-2013-13703 // VULHUB: VHN-65534 // BID: 62944 // JVNDB: JVNDB-2013-004602 // CNNVD: CNNVD-201310-183 // NVD: CVE-2013-5532

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5532

Trust: 2.3

url:http://www.securityfocus.com/bid/62944

Trust: 1.1

url:http://osvdb.org/98338

Trust: 1.1

url:http://secunia.com/advisories/55275

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5532

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5532

Trust: 0.8

url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh10343

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-13703 // VULHUB: VHN-65534 // BID: 62944 // JVNDB: JVNDB-2013-004602 // CNNVD: CNNVD-201310-183 // NVD: CVE-2013-5532

CREDITS

Cisco

Trust: 0.3

sources: BID: 62944

SOURCES

db: CNVD | id: CNVD-2013-13703
db: VULHUB | id: VHN-65534
db: BID | id: 62944
db: JVNDB | id: JVNDB-2013-004602
db: CNNVD | id: CNNVD-201310-183
db: NVD | id: CVE-2013-5532

LAST UPDATE DATE

2024-11-23T22:18:43.830000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2013-13703 | date: 2013-10-16T00:00:00
db: VULHUB | id: VHN-65534 | date: 2016-09-22T00:00:00
db: BID | id: 62944 | date: 2013-10-16T00:54:00
db: JVNDB | id: JVNDB-2013-004602 | date: 2013-10-15T00:00:00
db: CNNVD | id: CNNVD-201310-183 | date: 2013-10-15T00:00:00
db: NVD | id: CVE-2013-5532 | date: 2024-11-21T01:57:39.200

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2013-13703 | date: 2013-10-15T00:00:00
db: VULHUB | id: VHN-65534 | date: 2013-10-11T00:00:00
db: BID | id: 62944 | date: 2013-10-10T00:00:00
db: JVNDB | id: JVNDB-2013-004602 | date: 2013-10-15T00:00:00
db: CNNVD | id: CNNVD-201310-183 | date: 2013-10-15T00:00:00
db: NVD | id: CVE-2013-5532 | date: 2013-10-11T03:54:53.817