CVE-2013-5533

2022-10-0316:14:56

CWE-20

[email protected]

web.nvd.nist.gov

cisco

9900

unified ip phones

image-upgrade

cve-2013-5533

nvd

security vulnerability

6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

Affected configurations

NVD

Node

ciscounified_ip_phones_9900_series_firmwareMatch-

AND

ciscounified_ip_phone_9951

ciscounified_ip_phone_9971

CPENameOperatorVersion
cisco:unified_ip_phones_9900_series_firmwarecisco unified ip phones 9900 series firmwareeq-
cisco:unified_ip_phone_9951cisco unified ip phone 9951eq*
cisco:unified_ip_phone_9971cisco unified ip phone 9971eq*

CPE	Name	Operator	Version
cisco:unified_ip_phones_9900_series_firmware	cisco unified ip phones 9900 series firmware	eq	-
cisco:unified_ip_phone_9951	cisco unified ip phone 9951	eq	*
cisco:unified_ip_phone_9971	cisco unified ip phone 9971	eq	*