var-201311-0239
Vulnerability from variot
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. An attacker with local access could potentially exploit this issue to gain escalated privileges. Successful exploits will completely compromise the affected device. This issue is tracked by Cisco Bug ID CSCui04382. The device provides functions such as voice and video. A local attacker could exploit this vulnerability by mounting the device with a malicious file system to take complete control of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0239",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified ip phone",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified ip phone 8961",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unified ip phone 9971",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unified ip phone 9951",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "unified ip phone 8961",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified ip phone 9900 series",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.4.1"
},
{
"model": "unified ip phone 9951",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified ip phone 9971",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified ip phones series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9900"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:unified_ip_phone_8961",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:unified_ip_phones_9900_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:unified_ip_phone_9951",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:unified_ip_phone_9971",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "63687"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "CVE-2013-6685",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.1,
"id": "CNVD-2013-14476",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "VHN-66687",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6685",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6685",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14476",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66687",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "VULHUB",
"id": "VHN-66687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. \nAn attacker with local access could potentially exploit this issue to gain escalated privileges. Successful exploits will completely compromise the affected device. \nThis issue is tracked by Cisco Bug ID CSCui04382. The device provides functions such as voice and video. A local attacker could exploit this vulnerability by mounting the device with a malicious file system to take complete control of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6685"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "BID",
"id": "63687"
},
{
"db": "VULHUB",
"id": "VHN-66687"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6685",
"trust": 3.4
},
{
"db": "BID",
"id": "63687",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14476",
"trust": 0.6
},
{
"db": "CISCO",
"id": "20131112 CISCO UNIFIED IP PHONE 8900/9900 SERIES INSECURE FILE PERMISSIONS VULNERABILITY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-91776",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66687",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "VULHUB",
"id": "VHN-66687"
},
{
"db": "BID",
"id": "63687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"id": "VAR-201311-0239",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "VULHUB",
"id": "VHN-66687"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
}
]
},
"last_update_date": "2024-11-23T22:23:12.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685"
},
{
"title": "31741",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31741"
},
{
"title": "Patch for Cisco Unified IP Phone 8900/9900 Series Unsecure File Permission Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/41128"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6685"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6685"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6685"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "VULHUB",
"id": "VHN-66687"
},
{
"db": "BID",
"id": "63687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"db": "VULHUB",
"id": "VHN-66687"
},
{
"db": "BID",
"id": "63687"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"date": "2013-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-66687"
},
{
"date": "2013-11-12T00:00:00",
"db": "BID",
"id": "63687"
},
{
"date": "2013-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"date": "2013-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"date": "2013-11-13T15:55:04.550000",
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14476"
},
{
"date": "2013-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-66687"
},
{
"date": "2013-11-15T00:33:00",
"db": "BID",
"id": "63687"
},
{
"date": "2013-11-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005111"
},
{
"date": "2013-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-202"
},
{
"date": "2024-11-21T01:59:33.093000",
"db": "NVD",
"id": "CVE-2013-6685"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "63687"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified IP phones Vulnerabilities that can be used to acquire privileges in the firmware of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005111"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-202"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.