CVE-2013-1221

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

T

he Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unified_customer_voice_portal::::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1::::::
	cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:::::::*

History

21 Nov 2024, 01:49

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp - Vendor Advisory

Information

Published : 2013-05-09 12:31

Updated : 2025-04-11 00:51

NVD link : CVE-2013-1221

Mitre link : CVE-2013-1221

CVE.ORG link : CVE-2013-1221

JSON object : View

Products Affected

unified_customer_voice_portal

CWE

CWE-16

Configuration

{"id": "CVE-2013-1221", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-09T12:31:19.173", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384."}, {"lang": "es", "value": "La caracter\u00edstica Tomcat Web Management en Cisco Unified Customer Voice Portal (CVP) Software antes de v9.0.1 ES v11 no configura correctamente los componentes Tomcat, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones manipuladas (1) HTTP \u00f3 (2) HTTPS, tanbi\u00e9n conocido como Bug ID CSCub38384."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2658963-C679-43C8-9A39-AC84F5EEE343", "versionEndIncluding": "9.0\\(1\\)"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3FA84E2-8B3B-4C19-B135-535E58DF3847"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44B2F5F0-DD35-463C-B73C-00B7911BCDD5"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\\(10\\):es01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E1A7F5-4BA6-4C10-A85B-BB666C457BFC"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B1D46F0-DEC9-418B-8973-6EC44201B0B8"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE565A29-2DC7-4F4F-8E47-CB404E0AA5AF"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C54FFF1F-2991-46EA-90C9-319F47663699"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270E39D1-6F71-4C6F-AE91-B0A86057CCCF"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6796545D-C15C-4ADA-8491-31FC26560809"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9E51515-7E70-4199-8C99-D45F21D989B2"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8805E471-95E0-45DF-A346-15F10EB281B4"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6435E484-D475-49C6-8649-7BBD3728B08F"}, {"criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6A6517-6F93-4B4B-91CB-9777EBAFF922"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}