ID

VAR-201312-0320


CVE

CVE-2013-7030


TITLE

Vulnerability in the TFTP service of Cisco Unified Communications Manager that allows sensitive information to be obtained from phones

Trust: 0.8

sources: JVNDB: JVNDB-2013-006854

DESCRIPTION

The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue. ** Unsettled ** This case has not been confirmed as a vulnerability. An attacker can exploit this issue to view arbitrary files in the context of the affected application. This may aid in further attacks.

Trust: 1.98

sources: NVD: CVE-2013-7030 // JVNDB: JVNDB-2013-006854 // BID: 64294 // VULHUB: VHN-67032

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 64294 // JVNDB: JVNDB-2013-006854 // NVD: CVE-2013-7030

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7030
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2013-7030
value: HIGH

Trust: 1.0

NVD: CVE-2013-7030
value: MEDIUM

Trust: 0.8

VULHUB: VHN-67032
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7030
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-67032
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2013-7030
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 4.7
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-67032 // JVNDB: JVNDB-2013-006854 // NVD: CVE-2013-7030 // NVD: CVE-2013-7030

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-67032 // JVNDB: JVNDB-2013-006854 // NVD: CVE-2013-7030

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-419

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201312-419

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006854

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-67032

PATCH

title: Unified Communications, url: http://www.cisco.com/web/JP/product/hs/iptel/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-006854

EXTERNAL IDS

db: NVD, id: CVE-2013-7030

Trust: 2.8

db: EXPLOIT-DB, id: 30237

Trust: 1.7

db: OSVDB, id: 100916

Trust: 1.1

db: JVNDB, id: JVNDB-2013-006854

Trust: 0.8

db: CNNVD, id: CNNVD-201312-419

Trust: 0.6

db: BID, id: 64294

Trust: 0.4

db: SEEBUG, id: SSVID-83676

Trust: 0.1

db: VULHUB, id: VHN-67032

Trust: 0.1

sources: VULHUB: VHN-67032 // BID: 64294 // JVNDB: JVNDB-2013-006854 // CNNVD: CNNVD-201312-419 // NVD: CVE-2013-7030

REFERENCES

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/89649

Trust: 2.5

url: http://www.exploit-db.com/exploits/30237/

Trust: 1.7

url: http://osvdb.org/100916

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7030

Trust: 0.8

url: https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7030

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2013-7030

Trust: 0.6

url: http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-67032 // BID: 64294 // JVNDB: JVNDB-2013-006854 // CNNVD: CNNVD-201312-419 // NVD: CVE-2013-7030

CREDITS

daniel svartman

Trust: 0.3

sources: BID: 64294

SOURCES

db: VULHUB, id: VHN-67032
db: BID, id: 64294
db: JVNDB, id: JVNDB-2013-006854
db: CNNVD, id: CNNVD-201312-419
db: NVD, id: CVE-2013-7030

LAST UPDATE DATE

2024-11-23T21:55:28.911000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-67032, date: 2017-08-29T00:00:00
db: BID, id: 64294, date: 2013-12-12T00:00:00
db: JVNDB, id: JVNDB-2013-006854, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201312-419, date: 2021-11-22T00:00:00
db: NVD, id: CVE-2013-7030, date: 2024-11-21T02:00:12.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-67032, date: 2013-12-12T00:00:00
db: BID, id: 64294, date: 2013-12-12T00:00:00
db: JVNDB, id: JVNDB-2013-006854, date: 2019-07-29T00:00:00
db: CNNVD, id: CNNVD-201312-419, date: 2013-12-12T00:00:00
db: NVD, id: CVE-2013-7030, date: 2013-12-12T17:55:03.783