Sign-up

ID

VAR-201309-0432


CVE

CVE-2013-5493


TITLE

Cisco Virtualization Experience Client Vulnerabilities that can bypass access restrictions in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-004112

DESCRIPTION

The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified vectors, aka Bug ID CSCug68407. Local authenticated attackers can exploit this issue to execute arbitrary commands on the underlying operating system. This issue is being tracked by Cisco bug ID CSCug68407. The administrative web interface is a web management interface running on it

Trust: 1.98

sources: NVD: CVE-2013-5493 // JVNDB: JVNDB-2013-004112 // BID: 62361 // VULHUB: VHN-65495

AFFECTED PRODUCTS

vendor:ciscomodel:virtualization experience client 6000 seriesscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:virtualization experience client 6000scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:virtualization experience client 6000 seriesscope: - version: -

Trust: 0.8

vendor:ciscomodel:virtualization experience client 6000 seriesscope:lteversion:9.0

Trust: 0.8

sources: JVNDB: JVNDB-2013-004112 // CNNVD: CNNVD-201309-195 // NVD: CVE-2013-5493

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5493
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5493
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-195
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65495
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5493
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65495
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65495 // JVNDB: JVNDB-2013-004112 // CNNVD: CNNVD-201309-195 // NVD: CVE-2013-5493

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-65495 // JVNDB: JVNDB-2013-004112 // NVD: CVE-2013-5493

THREAT TYPE

local

Trust: 0.9

sources: BID: 62361 // CNNVD: CNNVD-201309-195

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-195

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004112

PATCH
title:Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5493
Trust: 0.8
title:30777url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30777
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004112

EXTERNAL IDS
db:NVDid:CVE-2013-5493
Trust: 2.8
db:OSVDBid:97239
Trust: 1.1
db:SECTRACKid:1029032
Trust: 1.1
db:JVNDBid:JVNDB-2013-004112
Trust: 0.8
db:CNNVDid:CNNVD-201309-195
Trust: 0.7
db:CISCOid:20130912 CISCO VIRTUALIZATION EXPERIENCE CLIENT SERIES 6000 LOCAL ARBITRARY COMMAND EXECUTION VULNERABILITY
Trust: 0.6
db:BIDid:62361
Trust: 0.4
db:VULHUBid:VHN-65495
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65495 // 
            
            
            
            BID: 62361 // 
            
            
            
            JVNDB: JVNDB-2013-004112 // 
            
            
            
            CNNVD: CNNVD-201309-195 // 
            
            
            
            NVD: CVE-2013-5493

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5493
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30777
Trust: 1.1
url:http://osvdb.org/97239
Trust: 1.1
url:http://www.securitytracker.com/id/1029032
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5493
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5493
Trust: 0.8
sources:
            
            
            VULHUB: VHN-65495 // 
            
            
            
            JVNDB: JVNDB-2013-004112 // 
            
            
            
            CNNVD: CNNVD-201309-195 // 
            
            
            
            NVD: CVE-2013-5493

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62361

SOURCES
db:VULHUBid:VHN-65495
db:BIDid:62361
db:JVNDBid:JVNDB-2013-004112
db:CNNVDid:CNNVD-201309-195
db:NVDid:CVE-2013-5493

LAST UPDATE DATE
2025-04-11T23:10:39.603000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65495date:2013-10-22T00:00:00
db:BIDid:62361date:2013-09-12T00:00:00
db:JVNDBid:JVNDB-2013-004112date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-195date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5493date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65495date:2013-09-13T00:00:00
db:BIDid:62361date:2013-09-12T00:00:00
db:JVNDBid:JVNDB-2013-004112date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-195date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5493date:2013-09-13T14:10:27.543