Sign-up

ID

VAR-201301-0351


CVE

CVE-2013-1113


TITLE

Cisco Unified Communications Domain Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-001344

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via a crafted parameter value, aka Bug ID CSCue21042. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCue21042. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Domain Manager (CUCDM) Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA51954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51954 RELEASE DATE: 2013-01-28 DISCUSS ADVISORY: http://secunia.com/advisories/51954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Communications Domain Manager (CUCDM), which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1113 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2013-1113 // JVNDB: JVNDB-2013-001344 // BID: 57567 // VULHUB: VHN-61115 // PACKETSTORM: 119843

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2013-001344 // CNNVD: CNNVD-201301-523 // NVD: CVE-2013-1113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1113
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1113
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201301-523
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61115
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1113
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61115 // JVNDB: JVNDB-2013-001344 // CNNVD: CNNVD-201301-523 // NVD: CVE-2013-1113

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61115 // JVNDB: JVNDB-2013-001344 // NVD: CVE-2013-1113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-523

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 119843 // CNNVD: CNNVD-201301-523

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001344

PATCH
title:Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1113
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001344

EXTERNAL IDS
db:NVDid:CVE-2013-1113
Trust: 2.9
db:SECUNIAid:51954
Trust: 1.9
db:BIDid:57567
Trust: 1.4
db:OSVDBid:89608
Trust: 1.1
db:JVNDBid:JVNDB-2013-001344
Trust: 0.8
db:CNNVDid:CNNVD-201301-523
Trust: 0.7
db:CISCOid:20130125 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-61115
Trust: 0.1
db:PACKETSTORMid:119843
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61115 // 
            
            
            
            BID: 57567 // 
            
            
            
            JVNDB: JVNDB-2013-001344 // 
            
            
            
            PACKETSTORM: 119843 // 
            
            
            
            CNNVD: CNNVD-201301-523 // 
            
            
            
            NVD: CVE-2013-1113

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1113
Trust: 1.8
url:http://secunia.com/advisories/51954
Trust: 1.7
url:http://www.securityfocus.com/bid/57567
Trust: 1.1
url:http://osvdb.org/89608
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/81529
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1113
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1113
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://secunia.com/advisories/51954/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51954
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/blog/325/
Trust: 0.1
url:http://secunia.com/advisories/51954/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61115 // 
            
            
            
            BID: 57567 // 
            
            
            
            JVNDB: JVNDB-2013-001344 // 
            
            
            
            PACKETSTORM: 119843 // 
            
            
            
            CNNVD: CNNVD-201301-523 // 
            
            
            
            NVD: CVE-2013-1113

CREDITS
Reported by the vendor.
Trust: 0.3
sources:
            
            
            BID: 57567

SOURCES
db:VULHUBid:VHN-61115
db:BIDid:57567
db:JVNDBid:JVNDB-2013-001344
db:PACKETSTORMid:119843
db:CNNVDid:CNNVD-201301-523
db:NVDid:CVE-2013-1113

LAST UPDATE DATE
2025-04-11T23:17:17.649000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61115date:2017-08-29T00:00:00
db:BIDid:57567date:2013-05-04T08:01:00
db:JVNDBid:JVNDB-2013-001344date:2013-02-01T00:00:00
db:CNNVDid:CNNVD-201301-523date:2013-01-30T00:00:00
db:NVDid:CVE-2013-1113date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-61115date:2013-01-31T00:00:00
db:BIDid:57567date:2013-01-25T00:00:00
db:JVNDBid:JVNDB-2013-001344date:2013-02-01T00:00:00
db:PACKETSTORMid:119843date:2013-01-28T06:23:58
db:CNNVDid:CNNVD-201301-523date:2013-01-30T00:00:00
db:NVDid:CVE-2013-1113date:2013-01-31T12:06:18.410