ID CVE-2013-3434
Summary Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(2\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(2\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(2a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(2b\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(2b\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su4:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su5:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(2\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(2\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su1:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su3:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(3\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(3\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:8.6\(4\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:8.6\(4\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:9.0\(1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:9.0\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:9.1\(1\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:9.1\(1\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:9.1\(1a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:9.1\(1a\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:unified_communications_manager:9.1.1\(a\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:unified_communications_manager:9.1.1\(a\):*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 18-11-2017 - 02:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:S/C:C/I:C/A:C
refmap via4
bid 61296
cisco 20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager
osvdb 95403
secunia 54249
Last major update 18-11-2017 - 02:29
Published 18-07-2013 - 12:48
Last modified 18-11-2017 - 02:29
Back to Top