VAR-201304-0169
Vulnerability from variot - Updated: 2023-12-18 12:52The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. An attacker can exploit this issue to obtain access sensitive information which may aid in further attacks. This issue is tracked by Cisco BugId CSCuf77546. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201304-0169",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified contact center express editor software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified contact center express",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5(1)"
},
{
"model": "unified contact center express editor software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5(1)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
}
],
"sources": [
{
"db": "BID",
"id": "59358"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express_editor_software:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1214"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "59358"
}
],
"trust": 0.3
},
"cve": "CVE-2013-1214",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-1214",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-61216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-1214",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-477",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-61216",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61216"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. \nAn attacker can exploit this issue to obtain access sensitive information which may aid in further attacks. \nThis issue is tracked by Cisco BugId CSCuf77546. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "BID",
"id": "59358"
},
{
"db": "VULHUB",
"id": "VHN-61216"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-1214",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "53171",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20130419 CISCO UNIFIED CONTACT CENTER EXPRESS EDITOR INFORMATION DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "59358",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-61216",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61216"
},
{
"db": "BID",
"id": "59358"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"id": "VAR-201304-0169",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-61216"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:52:07.890000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1214"
},
{
"title": "29050",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29050"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61216"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1214"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1214"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1214"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/53171"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29050"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-61216"
},
{
"db": "BID",
"id": "59358"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-61216"
},
{
"db": "BID",
"id": "59358"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-61216"
},
{
"date": "2013-04-19T00:00:00",
"db": "BID",
"id": "59358"
},
{
"date": "2013-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"date": "2013-04-24T10:28:37.917000",
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"date": "2013-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-61216"
},
{
"date": "2013-04-19T00:00:00",
"db": "BID",
"id": "59358"
},
{
"date": "2013-04-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-002461"
},
{
"date": "2018-10-30T16:26:06.170000",
"db": "NVD",
"id": "CVE-2013-1214"
},
{
"date": "2013-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Contact Center Express Arbitrary script editor vulnerability in script editor",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-002461"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-477"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…