Lucene search

CiscoCVE-2013-1221

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1221

2022-10-0316:14:47

CWE-16

cisco

web.nvd.nist.gov

cisco

unified

customer voice portal

cvp

software

tomcat

web management

remote code execution

cve-2013-1221

nvd

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

Affected configurations

Nvd

Node

ciscounified_customer_voice_portalRange≤9.0\(1\)

ciscounified_customer_voice_portalMatch3.0sr1

ciscounified_customer_voice_portalMatch3.0sr2

ciscounified_customer_voice_portalMatch3.6\(10\)es01

ciscounified_customer_voice_portalMatch4.0

ciscounified_customer_voice_portalMatch4.0\(2\)

ciscounified_customer_voice_portalMatch4.0\(2\)sr1

ciscounified_customer_voice_portalMatch4.1

ciscounified_customer_voice_portalMatch7.0

ciscounified_customer_voice_portalMatch7.0\(2\)

ciscounified_customer_voice_portalMatch8.0\(1\)

ciscounified_customer_voice_portalMatch8.5\(1\)

ciscounified_customer_voice_portalMatch9.0

VendorProductVersionCPE
ciscounified_customer_voice_portal4.0cpe:/a:cisco:unified_customer_voice_portal:4.0:::
ciscounified_customer_voice_portal7.0cpe:/a:cisco:unified_customer_voice_portal:7.0:::
ciscounified_customer_voice_portal4.0%282%29cpe:/a:cisco:unified_customer_voice_portal:4.0%282%29:sr1::
ciscounified_customer_voice_portal3.0cpe:/a:cisco:unified_customer_voice_portal:3.0:sr1::
ciscounified_customer_voice_portal8.0%281%29cpe:/a:cisco:unified_customer_voice_portal:8.0%281%29:::
ciscounified_customer_voice_portal9.0cpe:/a:cisco:unified_customer_voice_portal:9.0:::
ciscounified_customer_voice_portal3.6%2810%29cpe:/a:cisco:unified_customer_voice_portal:3.6%2810%29:es01::
ciscounified_customer_voice_portal3.0cpe:/a:cisco:unified_customer_voice_portal:3.0:sr2::
ciscounified_customer_voice_portal4.1cpe:/a:cisco:unified_customer_voice_portal:4.1:::
ciscounified_customer_voice_portal7.0%282%29cpe:/a:cisco:unified_customer_voice_portal:7.0%282%29:::

Vendor	Product	Version	CPE
cisco	unified_customer_voice_portal	4.0	cpe:/a:cisco:unified_customer_voice_portal:4.0:::
cisco	unified_customer_voice_portal	7.0	cpe:/a:cisco:unified_customer_voice_portal:7.0:::
cisco	unified_customer_voice_portal	4.0%282%29	cpe:/a:cisco:unified_customer_voice_portal:4.0%282%29:sr1::
cisco	unified_customer_voice_portal	3.0	cpe:/a:cisco:unified_customer_voice_portal:3.0:sr1::
cisco	unified_customer_voice_portal	8.0%281%29	cpe:/a:cisco:unified_customer_voice_portal:8.0%281%29:::
cisco	unified_customer_voice_portal	9.0	cpe:/a:cisco:unified_customer_voice_portal:9.0:::
cisco	unified_customer_voice_portal	3.6%2810%29	cpe:/a:cisco:unified_customer_voice_portal:3.6%2810%29:es01::
cisco	unified_customer_voice_portal	3.0	cpe:/a:cisco:unified_customer_voice_portal:3.0:sr2::
cisco	unified_customer_voice_portal	4.1	cpe:/a:cisco:unified_customer_voice_portal:4.1:::
cisco	unified_customer_voice_portal	7.0%282%29	cpe:/a:cisco:unified_customer_voice_portal:7.0%282%29:::

Rows per page:

1-10 of 131

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.003

Percentile

71.4%

JSON

Related for CVE-2013-1221