ID

VAR-201311-0239


CVE

CVE-2013-6685


TITLE

Vulnerability in the firmware of Cisco Unified IP phones that can be used to acquire privileges

Trust: 0.8

sources: JVNDB: JVNDB-2013-005111

DESCRIPTION

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. An attacker with local access could potentially exploit this issue to gain escalated privileges. Successful exploits will completely compromise the affected device. This issue is tracked by Cisco Bug ID CSCui04382. The device provides functions such as voice and video. A local attacker could exploit this vulnerability by mounting the device with a malicious file system to take complete control of the affected device.

Trust: 2.52

sources: NVD: CVE-2013-6685 // JVNDB: JVNDB-2013-005111 // CNVD: CNVD-2013-14476 // BID: 63687 // VULHUB: VHN-66687

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-14476

AFFECTED PRODUCTS

vendor: cisco | model: unified ip phone | scope: eq | version: -

Trust: 1.6

vendor: cisco | model: unified ip phone 8961 | scope: eq | version: *

Trust: 1.0

vendor: cisco | model: unified ip phone 9971 | scope: eq | version: *

Trust: 1.0

vendor: cisco | model: unified ip phone 9951 | scope: eq | version: *

Trust: 1.0

vendor: cisco | model: unified ip phone 8961 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: unified ip phone 9900 series | scope: lte | version: 9.4.1

Trust: 0.8

vendor: cisco | model: unified ip phone 9951 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: unified ip phone 9971 | scope: - | version: -

Trust: 0.8

vendor: cisco | model: unified ip phones series | scope: eq | version: 9900

Trust: 0.6

sources: CNVD: CNVD-2013-14476 // JVNDB: JVNDB-2013-005111 // CNNVD: CNNVD-201311-202 // NVD: CVE-2013-6685

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6685
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6685
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-14476
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201311-202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66687
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6685
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-14476
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66687
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-14476 // VULHUB: VHN-66687 // JVNDB: JVNDB-2013-005111 // CNNVD: CNNVD-201311-202 // NVD: CVE-2013-6685

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66687 // JVNDB: JVNDB-2013-005111 // NVD: CVE-2013-6685

THREAT TYPE

local

Trust: 0.9

sources: BID: 63687 // CNNVD: CNNVD-201311-202

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201311-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005111

PATCH

title: Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability | url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685

Trust: 0.8

title: 31741 | url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31741

Trust: 0.8

title: Patch for Cisco Unified IP Phone 8900/9900 Series Unsecure File Permission Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/41128

Trust: 0.6

sources: CNVD: CNVD-2013-14476 // JVNDB: JVNDB-2013-005111

EXTERNAL IDS

db: NVD | id: CVE-2013-6685

Trust: 3.4

db: BID | id: 63687

Trust: 1.0

db: JVNDB | id: JVNDB-2013-005111

Trust: 0.8

db: CNNVD | id: CNNVD-201311-202

Trust: 0.7

db: CNVD | id: CNVD-2013-14476

Trust: 0.6

db: CISCO | id: 20131112 CISCO UNIFIED IP PHONE 8900/9900 SERIES INSECURE FILE PERMISSIONS VULNERABILITY

Trust: 0.6

db: SEEBUG | id: SSVID-91776

Trust: 0.1

db: VULHUB | id: VHN-66687

Trust: 0.1

sources: CNVD: CNVD-2013-14476 // VULHUB: VHN-66687 // BID: 63687 // JVNDB: JVNDB-2013-005111 // CNNVD: CNNVD-201311-202 // NVD: CVE-2013-6685

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6685

Trust: 2.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6685

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6685

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-14476 // VULHUB: VHN-66687 // BID: 63687 // JVNDB: JVNDB-2013-005111 // CNNVD: CNNVD-201311-202 // NVD: CVE-2013-6685

CREDITS

Cisco

Trust: 0.3

sources: BID: 63687

SOURCES

db: CNVD | id: CNVD-2013-14476
db: VULHUB | id: VHN-66687
db: BID | id: 63687
db: JVNDB | id: JVNDB-2013-005111
db: CNNVD | id: CNNVD-201311-202
db: NVD | id: CVE-2013-6685

LAST UPDATE DATE

2024-11-23T22:23:12.821000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2013-14476 | date: 2013-11-15T00:00:00
db: VULHUB | id: VHN-66687 | date: 2013-11-14T00:00:00
db: BID | id: 63687 | date: 2013-11-15T00:33:00
db: JVNDB | id: JVNDB-2013-005111 | date: 2013-11-15T00:00:00
db: CNNVD | id: CNNVD-201311-202 | date: 2013-11-15T00:00:00
db: NVD | id: CVE-2013-6685 | date: 2024-11-21T01:59:33.093

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2013-14476 | date: 2013-11-15T00:00:00
db: VULHUB | id: VHN-66687 | date: 2013-11-13T00:00:00
db: BID | id: 63687 | date: 2013-11-12T00:00:00
db: JVNDB | id: JVNDB-2013-005111 | date: 2013-11-15T00:00:00
db: CNNVD | id: CNNVD-201311-202 | date: 2013-11-15T00:00:00
db: NVD | id: CVE-2013-6685 | date: 2013-11-13T15:55:04.550