Details of VAR-201302-0170

ID

VAR-201302-0170

CVE

CVE-2013-1111

TITLE

Cisco ATA 187 Analog Telephone Adaptor Vulnerable to operating system command execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-001568

DESCRIPTION

The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. The problem is Bug ID CSCtz67038 It is a problem.An operating system command may be executed by a third party. Cisco ATA-187 is prone to a security-bypass vulnerability because it allows attackers to gain unauthorized access to the device. This issue is being tracked by Cisco Bug ID CSCtz67038. An attacker can exploit this issue to view and modify the configuration of an affected device, thereby aiding in further attacks. A remote attacker could exploit this vulnerability to execute operating system commands by including a vector sent by a session on TCP port 7870

Trust: 1.98

sources: NVD: CVE-2013-1111 // JVNDB: JVNDB-2013-001568 // BID: 57782 // VULHUB: VHN-61113

AFFECTED PRODUCTS

vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	9.2.1.0	Trust: 2.4
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	lt	version:	9.2.3.1	Trust: 1.6
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	9.2.3.1	Trust: 1.6
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	firmware 9.2.1.0	Trust: 0.8
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	es build 4	Trust: 0.8
vendor:	cisco	model:	ata 187 analog telephone adaptor	scope:	eq	version:	firmware es build 4	Trust: 0.8

sources: JVNDB: JVNDB-2013-001568 // CNNVD: CNNVD-201302-131 // NVD: CVE-2013-1111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1111
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-1111
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201302-131
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-61113
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-1111
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61113
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61113 // JVNDB: JVNDB-2013-001568 // CNNVD: CNNVD-201302-131 // NVD: CVE-2013-1111

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61113 // JVNDB: JVNDB-2013-001568 // NVD: CVE-2013-1111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-131

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201302-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001568

PATCH

title:	cisco-sa-20130206-ata187	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187	Trust: 0.8
title:	cisco-sa-20130206-ata187	url:	http://www.cisco.com/cisco/web/support/JP/111/1117/1117120_cisco-sa-20130206-ata187-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-001568

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1111	Trust: 2.8
db:	BID	id:	57782	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-001568	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-131	Trust: 0.7
db:	CISCO	id:	20130206 CISCO ATA 187 ANALOG TELEPHONE ADAPTOR REMOTE ACCESS VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-61113	Trust: 0.1

sources: VULHUB: VHN-61113 // BID: 57782 // JVNDB: JVNDB-2013-001568 // CNNVD: CNNVD-201302-131 // NVD: CVE-2013-1111

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130206-ata187	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1111	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1111	Trust: 0.8
url:	http://www.securityfocus.com/bid/57782	Trust: 0.6

sources: VULHUB: VHN-61113 // JVNDB: JVNDB-2013-001568 // CNNVD: CNNVD-201302-131 // NVD: CVE-2013-1111

CREDITS

Cisco

Trust: 0.9

sources: BID: 57782 // CNNVD: CNNVD-201302-131

SOURCES

db:	VULHUB	id:	VHN-61113
db:	BID	id:	57782
db:	JVNDB	id:	JVNDB-2013-001568
db:	CNNVD	id:	CNNVD-201302-131
db:	NVD	id:	CVE-2013-1111

LAST UPDATE DATE

2025-04-11T23:15:27.061000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61113	date:	2013-02-14T00:00:00
db:	BID	id:	57782	date:	2013-02-07T17:11:00
db:	JVNDB	id:	JVNDB-2013-001568	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-131	date:	2013-02-18T00:00:00
db:	NVD	id:	CVE-2013-1111	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61113	date:	2013-02-13T00:00:00
db:	BID	id:	57782	date:	2013-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2013-001568	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-131	date:	2013-02-18T00:00:00
db:	NVD	id:	CVE-2013-1111	date:	2013-02-13T23:55:01.180