CVE-2013-5533

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/98337
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533	Vendor Advisory
http://www.securityfocus.com/bid/62943	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:unified_ip_phone_9951::::::::
	cpe:2.3:h:cisco:unified_ip_phone_9971::::::::

History

No history.

Information

Published : 2013-10-11 03:54

Updated : 2024-02-04 18:16

NVD link : CVE-2013-5533

Mitre link : CVE-2013-5533

CVE.ORG link : CVE-2013-5533

JSON object : View

Products Affected

cisco

unified_ip_phone_9971
unified_ip_phone_9951
unified_ip_phones_9900_series_firmware

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2013-5533", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-11T03:54:53.830", "references": [{"url": "http://osvdb.org/98337", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/62943", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334."}, {"lang": "es", "value": "La funcionalidad image.upgrade en tel\u00e9fonos IP Cisco 9900 Unified permite a usuarios locales obtener privilegios colocando comandos shell en un par\u00e1metro no especificado, tambien conocido como Bug ID CSCuh10334."}], "lastModified": "2016-09-22T17:46:50.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68471A4F-8395-4F20-A804-CA420EFCF5E9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5577F66E-FCAD-4FE4-9E12-A824FD5B37E3"}, {"criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BE3EAE9-ED3B-4E53-ABCE-65A65BD2E7EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}