cve-2013-3433
Vulnerability from cvelistv5
Published
2013-07-18 00:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:38.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61297",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61297"
},
{
"name": "54249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54249"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/95404"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-17T21:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "61297",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61297"
},
{
"name": "54249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54249"
},
{
"name": "95404",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/95404"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61297"
},
{
"name": "54249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54249"
},
{
"name": "95404",
"refsource": "OSVDB",
"url": "http://osvdb.org/95404"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3433",
"datePublished": "2013-07-18T00:00:00",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:38.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B591E75E-040C-4D26-AF13-A4F87E048579\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2a\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F22B2CDE-DB49-402D-8BF2-B9458D907DDE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18986D7E-E1E6-46EB-A247-2A98224FC122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2b\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFAAC2E8-B548-4940-9492-DEAB574E7CF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46BDD926-7F96-46C5-AD9C-40B7D3C78340\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BA63076-B8A1-4672-99F3-703F7838F3A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\)su1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F84676C-75A5-48D2-889D-B48EC724336F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EA15D48-A0DE-4091-8C78-666E98B488C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3038823F-C32D-4C1B-8228-D14B35535297\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\)su2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ECDCE1A-176D-46E0-9C39-19FAD7B57892\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6856A2A-55F4-4785-BEC1-54295D7D9CD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\)su1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2727998A-ED1F-4EFE-9952-7DA8486706D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F61FD826-A08E-477C-AA57-359B10387035\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A9EDB91-350B-4ED4-A177-257023380C44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CBA6140-CEF7-4990-9A1E-76F02607BA84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F0A5B28-0211-4173-BD91-67BCA3267C95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"74323C2F-949A-4A97-8A1A-1D0A470B93BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E69A9EC1-7078-4866-986E-D2842CFDC404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EE6F189-C6AE-43C3-8E2C-741B4D63FA82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C73894A0-E3F3-4C92-A1D0-7762F2612F16\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"248E4608-B870-4913-8048-3771685CBD77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52D7EECA-322E-48E4-9682-6C3C39B64B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"547E3100-EFBF-4F30-8D9E-81F8B79D9F9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCE55716-ACB7-411B-B708-415D4DB1D8AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2b\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"916C8A47-B3DA-42C0-BE2F-041269F79CF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2c\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C09FE52A-E0AF-4B0F-A44E-4362E26A88D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2c\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07EF7BE6-2702-4174-A8AA-AFD44014F8A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56403D34-B803-4DA7-96BC-2E0797D27F69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"765921EA-40B6-491F-9F05-85E000F12474\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A6FFFE8D-6196-48F4-BEAB-3657D68A67BB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E1FA195-A711-4861-9B3D-A36D55C0F49D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F252947A-82FE-4133-AA4F-E17758D7ECF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F61E277B-475A-40EC-8A67-CE2A17C94185\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D289E6D8-EA6A-4487-9513-6CCEE3740EA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06098E0B-20F8-4FCC-A384-01EA108F4549\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCF00D65-DE88-4287-82CB-552AB68AFE25\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B04ECEA-E097-4069-B6AC-74D477F03BF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5CCD3E6-6031-437E-862B-470E39FAF67D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31C31335-8001-4C83-A04B-6562CB39E3EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70757AD4-8F55-4C8B-886B-1D2E41670407\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFD583D2-CFB4-4539-9458-E91FF9BC7059\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB6E34CF-3F33-485F-8128-2D65A9034A57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"751BBB43-B31B-4D84-97AD-5BA4603DD08A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:9.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7285C0D-5337-49D0-A6EE-2385A7B4F510\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:9.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A1D8DBE-095D-4E38-A93B-D05459F7209E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:9.1\\\\(1a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCA70732-8ACD-47D2-A311-319180F86892\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\\\(a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de ruta de b\\u00fasqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la variable de entorno especificadas para los programas privilegiados, tambi\\u00e9n conocido como Bug ID CSCui02276.\"}]",
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"id": "CVE-2013-3433",
"lastModified": "2024-11-21T01:53:37.430",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2013-07-18T12:48:56.977",
"references": "[{\"url\": \"http://osvdb.org/95404\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/54249\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61297\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://osvdb.org/95404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/54249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/61297\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-3433\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2013-07-18T12:48:56.977\",\"lastModified\":\"2024-11-21T01:53:37.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda de no confianza en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a) permite a usuarios locales obtener privilegios mediante el aprovechamiento de los problemas de permisos de archivos y la variable de entorno especificadas para los programas privilegiados, tambi\u00e9n conocido como Bug ID CSCui02276.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B591E75E-040C-4D26-AF13-A4F87E048579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2a\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22B2CDE-DB49-402D-8BF2-B9458D907DDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18986D7E-E1E6-46EB-A247-2A98224FC122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(2b\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFAAC2E8-B548-4940-9492-DEAB574E7CF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46BDD926-7F96-46C5-AD9C-40B7D3C78340\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BA63076-B8A1-4672-99F3-703F7838F3A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3a\\\\)su1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F84676C-75A5-48D2-889D-B48EC724336F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA15D48-A0DE-4091-8C78-666E98B488C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3038823F-C32D-4C1B-8228-D14B35535297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(3b\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ECDCE1A-176D-46E0-9C39-19FAD7B57892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6856A2A-55F4-4785-BEC1-54295D7D9CD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5\\\\)su1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2727998A-ED1F-4EFE-9952-7DA8486706D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61FD826-A08E-477C-AA57-359B10387035\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9EDB91-350B-4ED4-A177-257023380C44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CBA6140-CEF7-4990-9A1E-76F02607BA84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F0A5B28-0211-4173-BD91-67BCA3267C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74323C2F-949A-4A97-8A1A-1D0A470B93BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E69A9EC1-7078-4866-986E-D2842CFDC404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE6F189-C6AE-43C3-8E2C-741B4D63FA82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:7.1\\\\(5b\\\\)su6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C73894A0-E3F3-4C92-A1D0-7762F2612F16\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"248E4608-B870-4913-8048-3771685CBD77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52D7EECA-322E-48E4-9682-6C3C39B64B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"547E3100-EFBF-4F30-8D9E-81F8B79D9F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE55716-ACB7-411B-B708-415D4DB1D8AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2b\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"916C8A47-B3DA-42C0-BE2F-041269F79CF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2c\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C09FE52A-E0AF-4B0F-A44E-4362E26A88D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(2c\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07EF7BE6-2702-4174-A8AA-AFD44014F8A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56403D34-B803-4DA7-96BC-2E0797D27F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"765921EA-40B6-491F-9F05-85E000F12474\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.0\\\\(3a\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6FFFE8D-6196-48F4-BEAB-3657D68A67BB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E1FA195-A711-4861-9B3D-A36D55C0F49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F252947A-82FE-4133-AA4F-E17758D7ECF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F61E277B-475A-40EC-8A67-CE2A17C94185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D289E6D8-EA6A-4487-9513-6CCEE3740EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.5\\\\(1\\\\)su5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06098E0B-20F8-4FCC-A384-01EA108F4549\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCF00D65-DE88-4287-82CB-552AB68AFE25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B04ECEA-E097-4069-B6AC-74D477F03BF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5CCD3E6-6031-437E-862B-470E39FAF67D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31C31335-8001-4C83-A04B-6562CB39E3EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70757AD4-8F55-4C8B-886B-1D2E41670407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(2a\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFD583D2-CFB4-4539-9458-E91FF9BC7059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB6E34CF-3F33-485F-8128-2D65A9034A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:8.6\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"751BBB43-B31B-4D84-97AD-5BA4603DD08A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:9.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7285C0D-5337-49D0-A6EE-2385A7B4F510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:9.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A1D8DBE-095D-4E38-A93B-D05459F7209E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:9.1\\\\(1a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCA70732-8ACD-47D2-A311-319180F86892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\\\(a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/95404\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://secunia.com/advisories/54249\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61297\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://osvdb.org/95404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/54249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/61297\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html\\r\\n\\r\\n\u0027CWE-426: Untrusted Search Path\u0027\"}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.