Sign-up

ID

VAR-201307-0196


CVE

CVE-2013-3399


TITLE

Cisco Desktop Collaboration Experience DX650 Unspecified Android API Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2013-003180

DESCRIPTION

Buffer overflow in an unspecified Android API on the Cisco Desktop Collaboration Experience DX650 allows attackers to execute arbitrary code via vectors that leverage incorrect memory allocation, aka Bug IDs CSCuf93957, CSCug22352, and CSCug22462. Vendors have confirmed this vulnerability Bug ID CSCuf93957 , CSCug22352 ,and CSCug22462 It is released as.An attacker could execute arbitrary code by exploiting improper memory allocation. Local attackers can exploit this issue to run arbitrary code with elevated privileges. Failed exploit attempts can result in a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCuf93957, CSCug22352, and CSCug22462. The product provides uninterrupted, highly secure and integrated unified communications, high-definition (HD) video, network collaboration and more

Trust: 1.98

sources: NVD: CVE-2013-3399 // JVNDB: JVNDB-2013-003180 // BID: 60907 // VULHUB: VHN-63401

AFFECTED PRODUCTS

vendor:ciscomodel:desktop collaboration experiencescope:eqversion:dx650

Trust: 2.4

vendor:ciscomodel:desktop collaboration experience dx650scope:eqversion:10.0(1)

Trust: 0.3

sources: BID: 60907 // JVNDB: JVNDB-2013-003180 // CNNVD: CNNVD-201307-043 // NVD: CVE-2013-3399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3399
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3399
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-043
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63401
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3399
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63401
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63401 // JVNDB: JVNDB-2013-003180 // CNNVD: CNNVD-201307-043 // NVD: CVE-2013-3399

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-63401 // JVNDB: JVNDB-2013-003180 // NVD: CVE-2013-3399

THREAT TYPE

local

Trust: 0.9

sources: BID: 60907 // CNNVD: CNNVD-201307-043

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201307-043

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003180

PATCH
title:Cisco Desktop Collaboration Experience DX600 Series Potential Code Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3399
Trust: 0.8
title:29845url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29845
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003180

EXTERNAL IDS
db:NVDid:CVE-2013-3399
Trust: 2.8
db:JVNDBid:JVNDB-2013-003180
Trust: 0.8
db:CNNVDid:CNNVD-201307-043
Trust: 0.7
db:CISCOid:20130629 CISCO DESKTOP COLLABORATION EXPERIENCE DX600 SERIES POTENTIAL CODE INJECTION VULNERABILITY
Trust: 0.6
db:BIDid:60907
Trust: 0.4
db:VULHUBid:VHN-63401
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63401 // 
            
            
            
            BID: 60907 // 
            
            
            
            JVNDB: JVNDB-2013-003180 // 
            
            
            
            CNNVD: CNNVD-201307-043 // 
            
            
            
            NVD: CVE-2013-3399

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3399
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3399
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3399
Trust: 0.8
url:http://tools.cisco.com/security/center/viewalert.x?alertid=29845
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12959/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63401 // 
            
            
            
            BID: 60907 // 
            
            
            
            JVNDB: JVNDB-2013-003180 // 
            
            
            
            CNNVD: CNNVD-201307-043 // 
            
            
            
            NVD: CVE-2013-3399

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 60907

SOURCES
db:VULHUBid:VHN-63401
db:BIDid:60907
db:JVNDBid:JVNDB-2013-003180
db:CNNVDid:CNNVD-201307-043
db:NVDid:CVE-2013-3399

LAST UPDATE DATE
2025-04-11T23:10:40.328000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63401date:2013-07-23T00:00:00
db:BIDid:60907date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003180date:2013-07-03T00:00:00
db:CNNVDid:CNNVD-201307-043date:2013-07-04T00:00:00
db:NVDid:CVE-2013-3399date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63401date:2013-07-02T00:00:00
db:BIDid:60907date:2013-07-01T00:00:00
db:JVNDBid:JVNDB-2013-003180date:2013-07-03T00:00:00
db:CNNVDid:CNNVD-201307-043date:2013-07-04T00:00:00
db:NVDid:CVE-2013-3399date:2013-07-02T03:43:34.663