Sign-up

ID

VAR-201310-0543


CVE

CVE-2013-5517


TITLE

Cisco Unified Communications Domain Manager of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004477

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. Exploiting this issue could allow an authenticated attacker to compromise the affected application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCuh96567. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2013-5517 // JVNDB: JVNDB-2013-004477 // BID: 62746 // VULHUB: VHN-65519

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:lteversion:9.0.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-004477 // CNNVD: CNNVD-201310-053 // NVD: CVE-2013-5517

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5517
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5517
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65519
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5517
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65519
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65519 // JVNDB: JVNDB-2013-004477 // CNNVD: CNNVD-201310-053 // NVD: CVE-2013-5517

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-65519 // JVNDB: JVNDB-2013-004477 // NVD: CVE-2013-5517

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-053

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004477

PATCH
title:Cisco Unified Communications Domain Manager Blind SQL Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5517
Trust: 0.8
title:31073url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31073
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004477

EXTERNAL IDS
db:NVDid:CVE-2013-5517
Trust: 2.8
db:BIDid:62746
Trust: 1.4
db:OSVDBid:98019
Trust: 1.1
db:SECUNIAid:54847
Trust: 1.1
db:JVNDBid:JVNDB-2013-004477
Trust: 0.8
db:CNNVDid:CNNVD-201310-053
Trust: 0.7
db:CISCOid:20131001 CISCO UNIFIED COMMUNICATIONS DOMAIN MANAGER BLIND SQL INJECTION VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65519
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65519 // 
            
            
            
            BID: 62746 // 
            
            
            
            JVNDB: JVNDB-2013-004477 // 
            
            
            
            CNNVD: CNNVD-201310-053 // 
            
            
            
            NVD: CVE-2013-5517

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5517
Trust: 1.7
url:http://www.securityfocus.com/bid/62746
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31073
Trust: 1.1
url:http://osvdb.org/98019
Trust: 1.1
url:http://secunia.com/advisories/54847
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5517
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5517
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65519 // 
            
            
            
            BID: 62746 // 
            
            
            
            JVNDB: JVNDB-2013-004477 // 
            
            
            
            CNNVD: CNNVD-201310-053 // 
            
            
            
            NVD: CVE-2013-5517

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62746

SOURCES
db:VULHUBid:VHN-65519
db:BIDid:62746
db:JVNDBid:JVNDB-2013-004477
db:CNNVDid:CNNVD-201310-053
db:NVDid:CVE-2013-5517

LAST UPDATE DATE
2025-04-11T22:59:04.022000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65519date:2013-10-17T00:00:00
db:BIDid:62746date:2013-10-04T00:13:00
db:JVNDBid:JVNDB-2013-004477date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-053date:2013-10-09T00:00:00
db:NVDid:CVE-2013-5517date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65519date:2013-10-02T00:00:00
db:BIDid:62746date:2013-10-01T00:00:00
db:JVNDBid:JVNDB-2013-004477date:2013-10-07T00:00:00
db:CNNVDid:CNNVD-201310-053date:2013-10-09T00:00:00
db:NVDid:CVE-2013-5517date:2013-10-02T22:55:23.650