Details of VAR-201304-0169

ID

VAR-201304-0169

CVE

CVE-2013-1214

TITLE

Cisco Unified Contact Center Express Arbitrary script editor vulnerability in script editor

Trust: 0.8

sources: JVNDB: JVNDB-2013-002461

DESCRIPTION

The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546. An attacker can exploit this issue to obtain access sensitive information which may aid in further attacks. This issue is tracked by Cisco BugId CSCuf77546. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control

Trust: 1.98

sources: NVD: CVE-2013-1214 // JVNDB: JVNDB-2013-002461 // BID: 59358 // VULHUB: VHN-61216

AFFECTED PRODUCTS

vendor:	cisco	model:	unified contact center express editor software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unified contact center express	scope:	lte	version:	8.5(1)	Trust: 0.8
vendor:	cisco	model:	unified contact center express editor software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unified contact center express	scope:	eq	version:	8.5	Trust: 0.3

sources: BID: 59358 // JVNDB: JVNDB-2013-002461 // CNNVD: CNNVD-201304-477 // NVD: CVE-2013-1214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1214
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1214
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-477
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61216
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1214
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61216
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61216 // JVNDB: JVNDB-2013-002461 // CNNVD: CNNVD-201304-477 // NVD: CVE-2013-1214

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61216 // JVNDB: JVNDB-2013-002461 // NVD: CVE-2013-1214

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-477

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-477

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002461

PATCH

title:	Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1214	Trust: 0.8
title:	29050	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29050	Trust: 0.8

sources: JVNDB: JVNDB-2013-002461

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1214	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002461	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-477	Trust: 0.7
db:	SECUNIA	id:	53171	Trust: 0.6
db:	CISCO	id:	20130419 CISCO UNIFIED CONTACT CENTER EXPRESS EDITOR INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BID	id:	59358	Trust: 0.4
db:	VULHUB	id:	VHN-61216	Trust: 0.1

sources: VULHUB: VHN-61216 // BID: 59358 // JVNDB: JVNDB-2013-002461 // CNNVD: CNNVD-201304-477 // NVD: CVE-2013-1214

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1214	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1214	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1214	Trust: 0.8
url:	http://secunia.com/advisories/53171	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29050	Trust: 0.3

sources: VULHUB: VHN-61216 // BID: 59358 // JVNDB: JVNDB-2013-002461 // CNNVD: CNNVD-201304-477 // NVD: CVE-2013-1214

CREDITS

Cisco

Trust: 0.3

sources: BID: 59358

SOURCES

db:	VULHUB	id:	VHN-61216
db:	BID	id:	59358
db:	JVNDB	id:	JVNDB-2013-002461
db:	CNNVD	id:	CNNVD-201304-477
db:	NVD	id:	CVE-2013-1214

LAST UPDATE DATE

2025-04-11T23:05:37.541000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61216	date:	2018-10-30T00:00:00
db:	BID	id:	59358	date:	2013-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-002461	date:	2013-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-477	date:	2013-04-26T00:00:00
db:	NVD	id:	CVE-2013-1214	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61216	date:	2013-04-24T00:00:00
db:	BID	id:	59358	date:	2013-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-002461	date:	2013-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201304-477	date:	2013-04-23T00:00:00
db:	NVD	id:	CVE-2013-1214	date:	2013-04-24T10:28:37.917