CVE-2013-1221

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:::::::*

History

No history.

Information

Published : 2013-05-09 12:31

Updated : 2024-02-28 12:00

NVD link : CVE-2013-1221

Mitre link : CVE-2013-1221

CVE.ORG link : CVE-2013-1221

JSON object : View

Products Affected

cisco

unified_customer_voice_portal

CWE

CWE-16

Configuration

{"id": "CVE-2013-1221", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-09T12:31:19.173", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384."}, {"lang": "es", "value": "La caracter\u00edstica Tomcat Web Management en Cisco Unified Customer Voice Portal (CVP) Software antes de v9.0.1 ES v11 no configura correctamente los componentes Tomcat, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones manipuladas (1) HTTP \u00f3 (2) HTTPS, tanbi\u00e9n conocido como Bug ID CSCub38384."}], "lastModified": "2013-05-09T12:31:19.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2658963-C679-43C8-9A39-AC84F5EEE343", "versionEndIncluding": "9.0\\(1\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3FA84E2-8B3B-4C19-B135-535E58DF3847"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B2F5F0-DD35-463C-B73C-00B7911BCDD5"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\\(10\\):es01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E1A7F5-4BA6-4C10-A85B-BB666C457BFC"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B1D46F0-DEC9-418B-8973-6EC44201B0B8"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE565A29-2DC7-4F4F-8E47-CB404E0AA5AF"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C54FFF1F-2991-46EA-90C9-319F47663699"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270E39D1-6F71-4C6F-AE91-B0A86057CCCF"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6796545D-C15C-4ADA-8491-31FC26560809"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E51515-7E70-4199-8C99-D45F21D989B2"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8805E471-95E0-45DF-A346-15F10EB281B4"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6435E484-D475-49C6-8649-7BBD3728B08F"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6A6517-6F93-4B4B-91CB-9777EBAFF922"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}