CVE-2013-1224

Published May 9, 2013

Last updated a month ago

CVSS info 7.8

Overview

Description: Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.8
Impact score: 6.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:C/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2658963-C679-43C8-9A39-AC84F5EEE343",
            "versionEndIncluding": "9.0\\(1\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3FA84E2-8B3B-4C19-B135-535E58DF3847"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44B2F5F0-DD35-463C-B73C-00B7911BCDD5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\\(10\\):es01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36E1A7F5-4BA6-4C10-A85B-BB666C457BFC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B1D46F0-DEC9-418B-8973-6EC44201B0B8"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE565A29-2DC7-4F4F-8E47-CB404E0AA5AF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\\(2\\):sr1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C54FFF1F-2991-46EA-90C9-319F47663699"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "270E39D1-6F71-4C6F-AE91-B0A86057CCCF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6796545D-C15C-4ADA-8491-31FC26560809"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\\(2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9E51515-7E70-4199-8C99-D45F21D989B2"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8805E471-95E0-45DF-A346-15F10EB281B4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\\(1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6435E484-D475-49C6-8649-7BBD3728B08F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D6A6517-6F93-4B4B-91CB-9777EBAFF922"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References