CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/98336	Broken Link
http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html	Exploit Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528	Vendor Advisory
http://www.securityfocus.com/bid/62960	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/40887/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-10-11 03:54

Updated : 2023-12-10 11:16

NVD link : CVE-2013-5528

Mitre link : CVE-2013-5528

CVE.ORG link : CVE-2013-5528

JSON object : View

Products Affected

cisco

unified_communications_manager

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-5528", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-11T03:54:53.800", "references": [{"url": "http://osvdb.org/98336", "tags": ["Broken Link"], "source": "ykramarz@cisco.com"}, {"url": "http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/62960", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://www.exploit-db.com/exploits/40887/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la interfaz web administrativa de Tomcat en Cisco Unified Communications Manager permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de secuencias de saltos de directorio en una cadena de entrada no especificada, aka Bug ID CSCui78815."}], "lastModified": "2017-01-04T14:52:22.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D51B262-3855-4384-A0EA-FE115D544953"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}