Details of VAR-201311-0228

ID

VAR-201311-0228

CVE

CVE-2013-6688

TITLE

Cisco Unified Communications Manager of Enterprise License Manager Component vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2013-005147

DESCRIPTION

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222. Vendors report this vulnerability Bug ID CSCui58222 Published as.Arbitrary files could be created by a remotely authenticated user via a crafted path. Exploiting this issue may allow an attacker to upload arbitrary files to arbitrary locations that could aid in further attacks. This issue is being tracked by Cisco Bug ID CSCui58222. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.98

sources: NVD: CVE-2013-6688 // JVNDB: JVNDB-2013-005147 // BID: 63733 // VULHUB: VHN-66690

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3d\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3e\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1	Trust: 0.3

sources: BID: 63733 // JVNDB: JVNDB-2013-005147 // CNNVD: CNNVD-201311-242 // NVD: CVE-2013-6688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6688
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6688
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201311-242
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66690
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6688
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2013-6688
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-66690
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66690 // JVNDB: JVNDB-2013-005147 // CNNVD: CNNVD-201311-242 // NVD: CVE-2013-6688

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-66690 // JVNDB: JVNDB-2013-005147 // NVD: CVE-2013-6688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-242

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201311-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005147

PATCH

title:	Cisco Enterprise License Manager Path Traversal Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688	Trust: 0.8
title:	31759	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31759	Trust: 0.8

sources: JVNDB: JVNDB-2013-005147

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6688	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-005147	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-242	Trust: 0.7
db:	CISCO	id:	20131113 CISCO ENTERPRISE LICENSE MANAGER PATH TRAVERSAL VULNERABILITY	Trust: 0.6
db:	BID	id:	63733	Trust: 0.4
db:	VULHUB	id:	VHN-66690	Trust: 0.1

sources: VULHUB: VHN-66690 // BID: 63733 // JVNDB: JVNDB-2013-005147 // CNNVD: CNNVD-201311-242 // NVD: CVE-2013-6688

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6688	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31759	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6688	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6688	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66690 // BID: 63733 // JVNDB: JVNDB-2013-005147 // CNNVD: CNNVD-201311-242 // NVD: CVE-2013-6688

CREDITS

Cisco

Trust: 0.3

sources: BID: 63733

SOURCES

db:	VULHUB	id:	VHN-66690
db:	BID	id:	63733
db:	JVNDB	id:	JVNDB-2013-005147
db:	CNNVD	id:	CNNVD-201311-242
db:	NVD	id:	CVE-2013-6688

LAST UPDATE DATE

2024-11-23T21:55:30.353000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66690	date:	2013-11-19T00:00:00
db:	BID	id:	63733	date:	2013-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005147	date:	2013-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201311-242	date:	2013-11-21T00:00:00
db:	NVD	id:	CVE-2013-6688	date:	2024-11-21T01:59:33.433

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66690	date:	2013-11-18T00:00:00
db:	BID	id:	63733	date:	2013-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005147	date:	2013-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201311-242	date:	2013-11-21T00:00:00
db:	NVD	id:	CVE-2013-6688	date:	2013-11-18T03:55:06.103