Lucene search

CiscoCVE-2013-6688

HistoryNov 18, 2013 - 3:55 a.m.

CVE-2013-6688

2013-11-1803:55:06

CWE-22

cisco

web.nvd.nist.gov

cve

2013

6688

directory traversal

vulnerability

cisco

unified communications manager

elm

enterprise license manager

bug id

cscui58222

nvd

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

46.7%

JSON

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

Affected configurations

Nvd

Node

ciscounified_communications_managerRange≤9.1\(1\)

ciscounified_communications_managerMatch3.3\(5\)

ciscounified_communications_managerMatch3.3\(5\)sr1

ciscounified_communications_managerMatch3.3\(5\)sr2a

ciscounified_communications_managerMatch4.1\(3\)

ciscounified_communications_managerMatch4.1\(3\)sr1

ciscounified_communications_managerMatch4.1\(3\)sr2

ciscounified_communications_managerMatch4.1\(3\)sr3

ciscounified_communications_managerMatch4.1\(3\)sr4

ciscounified_communications_managerMatch4.2

ciscounified_communications_managerMatch4.2.1

ciscounified_communications_managerMatch4.2.2

ciscounified_communications_managerMatch4.2.3

ciscounified_communications_managerMatch4.2.3sr1

ciscounified_communications_managerMatch4.2.3sr2

ciscounified_communications_managerMatch4.2.3sr2b

ciscounified_communications_managerMatch4.3

ciscounified_communications_managerMatch4.3\(1\)

ciscounified_communications_managerMatch5.0

ciscounified_communications_managerMatch5.1

ciscounified_communications_managerMatch5.1\(1\)

ciscounified_communications_managerMatch5.1\(1b\)

ciscounified_communications_managerMatch5.1\(1c\)

ciscounified_communications_managerMatch5.1\(2\)

ciscounified_communications_managerMatch5.1\(2a\)

ciscounified_communications_managerMatch5.1\(2b\)

ciscounified_communications_managerMatch5.1\(3\)

ciscounified_communications_managerMatch5.1\(3a\)

ciscounified_communications_managerMatch5.1\(3c\)

ciscounified_communications_managerMatch5.1\(3d\)

ciscounified_communications_managerMatch5.1\(3e\)

ciscounified_communications_managerMatch5.1.2

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.0\(1\)

ciscounified_communications_managerMatch6.0\(1a\)

ciscounified_communications_managerMatch6.0\(1b\)

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

ciscounified_communications_managerMatch6.1\(5\)su2

ciscounified_communications_managerMatch6.1\(5\)su3

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(2b\)su1

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

ciscounified_communications_managerMatch7.1\(5b\)su1

ciscounified_communications_managerMatch7.1\(5b\)su1a

ciscounified_communications_managerMatch7.1\(5b\)su2

ciscounified_communications_managerMatch7.1\(5b\)su3

ciscounified_communications_managerMatch7.1\(5b\)su4

ciscounified_communications_managerMatch7.1\(5b\)su5

ciscounified_communications_managerMatch7.1\(5b\)su6

ciscounified_communications_managerMatch8.0

ciscounified_communications_managerMatch8.0\(1\)

ciscounified_communications_managerMatch8.0\(2\)

ciscounified_communications_managerMatch8.0\(2a\)

ciscounified_communications_managerMatch8.0\(2b\)

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.0\(3a\)su1

ciscounified_communications_managerMatch8.0\(3a\)su2

ciscounified_communications_managerMatch8.0\(3a\)su3

ciscounified_communications_managerMatch8.5

ciscounified_communications_managerMatch8.5\(1\)

ciscounified_communications_managerMatch8.5\(1\)su1

ciscounified_communications_managerMatch8.5\(1\)su2

ciscounified_communications_managerMatch8.5\(1\)su3

ciscounified_communications_managerMatch8.5\(1\)su4

ciscounified_communications_managerMatch8.5\(1\)su5

ciscounified_communications_managerMatch8.6

ciscounified_communications_managerMatch8.6\(1\)

ciscounified_communications_managerMatch8.6\(1a\)

ciscounified_communications_managerMatch8.6\(2\)

ciscounified_communications_managerMatch8.6\(2a\)

ciscounified_communications_managerMatch8.6\(2a\)su1

ciscounified_communications_managerMatch8.6\(2a\)su2

ciscounified_communications_managerMatch8.6\(2a\)su3

ciscounified_communications_managerMatch8.6\(3\)

ciscounified_communications_managerMatch8.6\(4\)

ciscounified_communications_managerMatch9.0\(1\)

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr1cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager3.3(5)sr2acpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr1cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr2cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr3cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
ciscounified_communications_manager4.1(3)sr4cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
ciscounified_communications_manager4.2cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::
cisco	unified_communications_manager	3.3(5)	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):::::::*
cisco	unified_communications_manager	3.3(5)sr1	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:::::::*
cisco	unified_communications_manager	3.3(5)sr2a	cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:::::::*
cisco	unified_communications_manager	4.1(3)	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):::::::*
cisco	unified_communications_manager	4.1(3)sr1	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:::::::*
cisco	unified_communications_manager	4.1(3)sr2	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:::::::*
cisco	unified_communications_manager	4.1(3)sr3	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:::::::*
cisco	unified_communications_manager	4.1(3)sr4	cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:::::::*
cisco	unified_communications_manager	4.2	cpe:2.3:a:cisco:unified_communications_manager:4.2:::::::*

Rows per page:

1-10 of 1131

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688

tools.cisco.com/security/center/viewAlert.x?alertId=31759

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

46.7%

JSON

Related for CVE-2013-6688