ID

VAR-201310-0516


CVE

CVE-2013-5533


TITLE

Vulnerability in the image-upgrade functionality of Cisco 9900 Unified IP phones that allows privileges to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2013-004603

DESCRIPTION

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. The image-upgrade functionality of Cisco 9900 Unified IP phones contains a vulnerability that can be used to obtain privileges. The vulnerability is due to insufficient filtering of input during the image upgrade process. An attacker can use the ";" character to inject shell commands and execute them. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCuh10334. This product provides voice and video functions.

Trust: 2.52

sources: NVD: CVE-2013-5533 // JVNDB: JVNDB-2013-004603 // CNVD: CNVD-2013-13704 // BID: 62943 // VULHUB: VHN-65535

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13704

AFFECTED PRODUCTS

vendor: cisco, model: unified ip phones 9900 series, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: unified ip phone 9971, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified ip phone 9951, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified ip phone, scope: eq, version: 9951

Trust: 0.8

vendor: cisco, model: unified ip phone, scope: eq, version: 9971

Trust: 0.8

vendor: cisco, model: unified ip phone 9900 series, scope: lte, version: 9.3.2 sr1

Trust: 0.8

vendor: cisco, model: unified ip phones series, scope: eq, version: 9900

Trust: 0.6

sources: CNVD: CNVD-2013-13704 // JVNDB: JVNDB-2013-004603 // CNNVD: CNNVD-201310-184 // NVD: CVE-2013-5533

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5533
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5533
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13704
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-184
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65535
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5533
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13704
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65535
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13704 // VULHUB: VHN-65535 // JVNDB: JVNDB-2013-004603 // CNNVD: CNNVD-201310-184 // NVD: CVE-2013-5533

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65535 // JVNDB: JVNDB-2013-004603 // NVD: CVE-2013-5533

THREAT TYPE

local

Trust: 0.9

sources: BID: 62943 // CNNVD: CNNVD-201310-184

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201310-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004603

PATCH

title: Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533

Trust: 0.8

title: 31214, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31214

Trust: 0.8

title: Patch for the Cisco Unified IP Phones 9900 Series Firmware Upgrade Command Injection Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/40212

Trust: 0.6

sources: CNVD: CNVD-2013-13704 // JVNDB: JVNDB-2013-004603

EXTERNAL IDS

db: NVD, id: CVE-2013-5533

Trust: 3.4

db: BID, id: 62943

Trust: 2.0

db: OSVDB, id: 98337

Trust: 1.1

db: JVNDB, id: JVNDB-2013-004603

Trust: 0.8

db: CNNVD, id: CNNVD-201310-184

Trust: 0.7

db: CNVD, id: CNVD-2013-13704

Trust: 0.6

db: CISCO, id: 20131010 CISCO UNIFIED IP PHONES 9900 SERIES IMAGE UPGRADE COMMAND INJECTION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-65535

Trust: 0.1

sources: CNVD: CNVD-2013-13704 // VULHUB: VHN-65535 // BID: 62943 // JVNDB: JVNDB-2013-004603 // CNNVD: CNNVD-201310-184 // NVD: CVE-2013-5533

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5533

Trust: 2.3

url:http://www.securityfocus.com/bid/62943

Trust: 1.1

url:http://osvdb.org/98337

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5533

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5533

Trust: 0.8

url:http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuh10334

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-13704 // VULHUB: VHN-65535 // BID: 62943 // JVNDB: JVNDB-2013-004603 // CNNVD: CNNVD-201310-184 // NVD: CVE-2013-5533

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 62943

SOURCES

db: CNVD, id: CNVD-2013-13704
db: VULHUB, id: VHN-65535
db: BID, id: 62943
db: JVNDB, id: JVNDB-2013-004603
db: CNNVD, id: CNNVD-201310-184
db: NVD, id: CVE-2013-5533

LAST UPDATE DATE

2024-11-23T21:55:30.575000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13704, date: 2013-10-16T00:00:00
db: VULHUB, id: VHN-65535, date: 2016-09-22T00:00:00
db: BID, id: 62943, date: 2013-10-16T00:54:00
db: JVNDB, id: JVNDB-2013-004603, date: 2013-10-15T00:00:00
db: CNNVD, id: CNNVD-201310-184, date: 2013-10-15T00:00:00
db: NVD, id: CVE-2013-5533, date: 2024-11-21T01:57:39.300

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-13704, date: 2013-10-15T00:00:00
db: VULHUB, id: VHN-65535, date: 2013-10-11T00:00:00
db: BID, id: 62943, date: 2013-10-10T00:00:00
db: JVNDB, id: JVNDB-2013-004603, date: 2013-10-15T00:00:00
db: CNNVD, id: CNNVD-201310-184, date: 2013-10-15T00:00:00
db: NVD, id: CVE-2013-5533, date: 2013-10-11T03:54:53.830