Details of VAR-201311-0229

ID

VAR-201311-0229

CVE

CVE-2013-6689

TITLE

Cisco Unified Communications Manager Vulnerabilities in which file permissions are bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2013-005148

DESCRIPTION

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229. Cisco Unified Communications Manager is prone to a local security bypass vulnerability because it fails to sanitize user-supplied input. Local attacker can exploit this issue to read or write arbitrary files on the filesystem. Successful exploits will result in the complete compromise of the affected computers. This issue is being tracked by Cisco Bug ID CSCui58229. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in the command line tools in CUCM 9.1(1) and earlier versions

Trust: 1.98

sources: NVD: CVE-2013-6689 // JVNDB: JVNDB-2013-005148 // BID: 63731 // VULHUB: VHN-66691

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)su1	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su3	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su2	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2c\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(1\)su1a	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2\)	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0	Trust: 1.6
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3d\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(2\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(3e\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.0	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	3.3\(5\)sr2a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.1\(3\)sr4	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	5.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.0\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.3	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.0\(3a\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	4.2.3sr2b	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(4\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.0\(1a\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	6.1\(1b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(5b\)su1a	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	lte	version:	9.1(1)	Trust: 0.8
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.1	Trust: 0.3

sources: BID: 63731 // JVNDB: JVNDB-2013-005148 // CNNVD: CNNVD-201311-243 // NVD: CVE-2013-6689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6689
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6689
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201311-243
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66691
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6689
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66691
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66691 // JVNDB: JVNDB-2013-005148 // CNNVD: CNNVD-201311-243 // NVD: CVE-2013-6689

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66691 // JVNDB: JVNDB-2013-005148 // NVD: CVE-2013-6689

THREAT TYPE

local

Trust: 0.9

sources: BID: 63731 // CNNVD: CNNVD-201311-243

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-243

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005148

PATCH

title:	Cisco Unified Communications Manager Arbitrary File Read/Write Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689	Trust: 0.8
title:	31758	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31758	Trust: 0.8

sources: JVNDB: JVNDB-2013-005148

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6689	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-005148	Trust: 0.8
db:	CNNVD	id:	CNNVD-201311-243	Trust: 0.7
db:	CISCO	id:	20131113 CISCO UNIFIED COMMUNICATIONS MANAGER ARBITRARY FILE READ/WRITE VULNERABILITY	Trust: 0.6
db:	BID	id:	63731	Trust: 0.4
db:	VULHUB	id:	VHN-66691	Trust: 0.1

sources: VULHUB: VHN-66691 // BID: 63731 // JVNDB: JVNDB-2013-005148 // CNNVD: CNNVD-201311-243 // NVD: CVE-2013-6689

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6689	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31758	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6689	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6689	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-66691 // BID: 63731 // JVNDB: JVNDB-2013-005148 // CNNVD: CNNVD-201311-243 // NVD: CVE-2013-6689

CREDITS

Cisco

Trust: 0.3

sources: BID: 63731

SOURCES

db:	VULHUB	id:	VHN-66691
db:	BID	id:	63731
db:	JVNDB	id:	JVNDB-2013-005148
db:	CNNVD	id:	CNNVD-201311-243
db:	NVD	id:	CVE-2013-6689

LAST UPDATE DATE

2024-11-23T22:13:50.955000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66691	date:	2013-11-19T00:00:00
db:	BID	id:	63731	date:	2013-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005148	date:	2013-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201311-243	date:	2013-11-21T00:00:00
db:	NVD	id:	CVE-2013-6689	date:	2024-11-21T01:59:33.560

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66691	date:	2013-11-18T00:00:00
db:	BID	id:	63731	date:	2013-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2013-005148	date:	2013-11-20T00:00:00
db:	CNNVD	id:	CNNVD-201311-243	date:	2013-11-21T00:00:00
db:	NVD	id:	CVE-2013-6689	date:	2013-11-18T03:55:06.133