Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-3404 (GCVE-0-2013-3404)
Vulnerability from cvelistv5 – Published: 2013-07-18 00:00 – Updated: 2024-08-06 16:07
VLAI?
EPSS
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.924Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54249"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-08-20T09:00:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "54249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54249"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54249"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3404",
"datePublished": "2013-07-18T00:00:00.000Z",
"dateReserved": "2013-05-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:07:37.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2013-3404
Vulnerability from fkie_nvd - Published: 2013-07-18 12:48 - Updated: 2025-04-11 00:51
Severity ?
Summary
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B591E75E-040C-4D26-AF13-A4F87E048579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "F22B2CDE-DB49-402D-8BF2-B9458D907DDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "18986D7E-E1E6-46EB-A247-2A98224FC122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFAAC2E8-B548-4940-9492-DEAB574E7CF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "46BDD926-7F96-46C5-AD9C-40B7D3C78340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7BA63076-B8A1-4672-99F3-703F7838F3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EADE6FA-40F8-4BEB-ABDB-77D4C0E587BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "3F84676C-75A5-48D2-889D-B48EC724336F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2EA15D48-A0DE-4091-8C78-666E98B488C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "3038823F-C32D-4C1B-8228-D14B35535297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "617E82C3-1CB1-46B2-BCFE-94BF9DBDD1D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2ECDCE1A-176D-46E0-9C39-19FAD7B57892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6856A2A-55F4-4785-BEC1-54295D7D9CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "2727998A-ED1F-4EFE-9952-7DA8486706D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F61FD826-A08E-477C-AA57-359B10387035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7A9EDB91-350B-4ED4-A177-257023380C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBA6140-CEF7-4990-9A1E-76F02607BA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
"matchCriteriaId": "9DCF2F2A-DF52-4BD8-A56B-B4E91CD1D1E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F0A5B28-0211-4173-BD91-67BCA3267C95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "74323C2F-949A-4A97-8A1A-1D0A470B93BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "E69A9EC1-7078-4866-986E-D2842CFDC404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE6F189-C6AE-43C3-8E2C-741B4D63FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
"matchCriteriaId": "C73894A0-E3F3-4C92-A1D0-7762F2612F16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "248E4608-B870-4913-8048-3771685CBD77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "52D7EECA-322E-48E4-9682-6C3C39B64B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "547E3100-EFBF-4F30-8D9E-81F8B79D9F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BCE55716-ACB7-411B-B708-415D4DB1D8AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "916C8A47-B3DA-42C0-BE2F-041269F79CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C09FE52A-E0AF-4B0F-A44E-4362E26A88D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AD0704-6F85-4E64-88D4-73E8BB2BEF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "07EF7BE6-2702-4174-A8AA-AFD44014F8A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "56403D34-B803-4DA7-96BC-2E0797D27F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "64FDCB2A-AAF7-44EF-B748-6B336B7CD2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "765921EA-40B6-491F-9F05-85E000F12474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6FFFE8D-6196-48F4-BEAB-3657D68A67BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1FA195-A711-4861-9B3D-A36D55C0F49D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F252947A-82FE-4133-AA4F-E17758D7ECF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "F61E277B-475A-40EC-8A67-CE2A17C94185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "D289E6D8-EA6A-4487-9513-6CCEE3740EA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAA377E-3C37-4E9D-97E7-FDC162CF8FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEDD1A3-9658-48AF-A59E-A9BE7FA17E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
"matchCriteriaId": "06098E0B-20F8-4FCC-A384-01EA108F4549",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF00D65-DE88-4287-82CB-552AB68AFE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "47E28290-C7A9-4DF4-9918-6FDF5DC2B3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A8B5A9DD-C259-463C-A6A5-51D3E8DD4F58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6B04ECEA-E097-4069-B6AC-74D477F03BF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F5CCD3E6-6031-437E-862B-470E39FAF67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
"matchCriteriaId": "31C31335-8001-4C83-A04B-6562CB39E3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
"matchCriteriaId": "70757AD4-8F55-4C8B-886B-1D2E41670407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
"matchCriteriaId": "FFD583D2-CFB4-4539-9458-E91FF9BC7059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FB6E34CF-3F33-485F-8128-2D65A9034A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "751BBB43-B31B-4D84-97AD-5BA4603DD08A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B7285C0D-5337-49D0-A6EE-2385A7B4F510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5A1D8DBE-095D-4E38-A93B-D05459F7209E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BCA70732-8ACD-47D2-A311-319180F86892",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E4A84A9E-5DB4-49B5-B3A1-DD7D95D23716",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Cisco Unified Communications Manager (CUCM) v7.1 (x) hasta v9.1 (1a), permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados dando lugar al descubrimiento de credenciales cifradas mediante el aprovechamiento de los metadatos, tambi\u00e9n conocido como Bug ID CSCuh01051."
}
],
"id": "CVE-2013-3404",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-18T12:48:56.947",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/54249"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2013-3404
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-3404",
"description": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
"id": "GSD-2013-3404"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-3404"
],
"details": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
"id": "GSD-2013-3404",
"modified": "2023-12-13T01:22:22.621044Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54249"
},
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:7.1\\(2a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2c\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\)su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(3a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.0\\(2b\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.5\\(1\\)su5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(4\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(1a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1.1\\(a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_communications_manager:9.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3404"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130717 Multiple Vulnerabilities in Cisco Unified Communications Manager",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
},
{
"name": "54249",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/54249"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2013-08-20T03:23Z",
"publishedDate": "2013-07-18T12:48Z"
}
}
}
GHSA-F66V-2H8Q-JPFQ
Vulnerability from github – Published: 2022-05-17 05:06 – Updated: 2022-05-17 05:06
VLAI?
Details
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
{
"affected": [],
"aliases": [
"CVE-2013-3404"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-07-18T12:48:00Z",
"severity": "HIGH"
},
"details": "SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.",
"id": "GHSA-f66v-2h8q-jpfq",
"modified": "2022-05-17T05:06:37Z",
"published": "2022-05-17T05:06:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3404"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/54249"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"schema_version": "1.4.0",
"severity": []
}
CERTA-2013-AVI-432
Vulnerability from certfr_avis - Published: 2013-07-18 - Updated: 2013-07-18
De multiples vulnérabilités ont été corrigées dans Cisco Unified Communications Manager. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager 7.1 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.5 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.0 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager 9.1 | ||
| Cisco | Unified Communications Manager | Cisco Unified Communications Manager 8.6 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Unified Communications Manager 7.1",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager 8.5",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager 9.0",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager 9.1",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Unified Communications Manager 8.6",
"product": {
"name": "Unified Communications Manager",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-3412",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3412"
},
{
"name": "CVE-2013-3434",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3434"
},
{
"name": "CVE-2013-3403",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3403"
},
{
"name": "CVE-2013-3433",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3433"
},
{
"name": "CVE-2013-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3404"
},
{
"name": "CVE-2013-3402",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3402"
}
],
"initial_release_date": "2013-07-18T00:00:00",
"last_revision_date": "2013-07-18T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130717-cucm du 17 juillet 2013",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm"
}
],
"reference": "CERTA-2013-AVI-432",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Unified Communications Manager\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Unified Communications Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20130717-cucm du 17 juillet 2013",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…