fkie_nvd - fkie_cve-2013-1120

fkie_cve-2013-1120

Vulnerability from fkie_nvd

Published

2013-02-06 12:05

Modified

2024-11-21 01:48

Severity ?

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.

References

▼	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	unity_express_software	*
cisco	unity_express_software	1.1.1
cisco	unity_express_software	1.1.2
cisco	unity_express_software	2.0
cisco	unity_express_software	2.1
cisco	unity_express_software	2.2
cisco	unity_express_software	2.3
cisco	unity_express_software	3.0
cisco	unity_express_software	3.1
cisco	unity_express_software	3.2
cisco	unity_express_software	7.0
cisco	unity_express_software	7.1
cisco	unity_express_software	7.2
cisco	unity_express_software	7.3
cisco	unity_express	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83721592-B28F-4CB5-9E0B-A9E96573DC38",
              "versionEndIncluding": "7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "05328FC0-D20B-44AD-A72B-19D125553067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A700B4B-49E6-4F98-8094-ED6FB7841A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC3A8B0-179F-4B87-857A-D13701939249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17ECC993-69F5-43A6-AE9C-7ED2C33F56B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F42A5CA-B20F-45B2-A5B2-3FFDEFE7CBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7594535-B2F5-44A1-B643-B34AE4570607",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F6DA8D8-803A-4F76-83A0-D10D24192306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3938819-EB36-4404-99D3-851061479D51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C327C5-F673-4630-84AE-E0D583E235C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82C2B8A-7CD6-4F4D-BF1C-A0D48B069D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23AC34EA-3AB3-4BBD-9AF1-F00925957F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9B3369-DA45-4619-B965-0FC87725239B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_express_software:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBFE2A66-F021-403F-9DA7-D5FB2F24D406",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unity_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7583D706-3702-4571-BD2C-527E5337F6E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Cisco Unity Express con software anterior a v8.0 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios mediante vectores desconocidos. Bug ID CSCue35910."
    }
  ],
  "id": "CVE-2013-1120",
  "lastModified": "2024-11-21T01:48:56.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-02-06T12:05:43.833",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1120"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-1120

Vulnerability from cvelistv5

Published

2013-02-06 11:00

Modified

2024-09-17 01:31