Details of VAR-201312-0275

ID

VAR-201312-0275

CVE

CVE-2013-6983

TITLE

Cisco Unified Presence Server of Web In the interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-001001

DESCRIPTION

SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuh35615. This component is responsible for collecting the user's availability status and communication capability information

Trust: 1.98

sources: NVD: CVE-2013-6983 // JVNDB: JVNDB-2014-001001 // BID: 64551 // VULHUB: VHN-66985

AFFECTED PRODUCTS

vendor:	cisco	model:	unified presence server	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	unified presence server	scope:	lte	version:	8.6(.5)	Trust: 0.8
vendor:	cisco	model:	unified presence server	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unified presence server	scope:	eq	version:	8.6(4)	Trust: 0.3
vendor:	cisco	model:	unified presence server	scope:	ne	version:	8.6(4.98000.396)	Trust: 0.3

sources: BID: 64551 // JVNDB: JVNDB-2014-001001 // CNNVD: CNNVD-201312-587 // NVD: CVE-2013-6983

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6983
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6983
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201312-587
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66985
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6983
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66985
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66985 // JVNDB: JVNDB-2014-001001 // CNNVD: CNNVD-201312-587 // NVD: CVE-2013-6983

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-66985 // JVNDB: JVNDB-2014-001001 // NVD: CVE-2013-6983

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-587

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201312-587

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001001

PATCH

title:	Cisco Unified Presence Server SQL Injection Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6983	Trust: 0.8
title:	32317	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32317	Trust: 0.8

sources: JVNDB: JVNDB-2014-001001

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6983	Trust: 2.8
db:	SECUNIA	id:	56273	Trust: 1.7
db:	BID	id:	64551	Trust: 1.4
db:	SECTRACK	id:	1029547	Trust: 1.1
db:	OSVDB	id:	101514	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001001	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-587	Trust: 0.7
db:	CISCO	id:	20131229 CISCO UNIFIED PRESENCE SERVER SQL INJECTION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-66985	Trust: 0.1

sources: VULHUB: VHN-66985 // BID: 64551 // JVNDB: JVNDB-2014-001001 // CNNVD: CNNVD-201312-587 // NVD: CVE-2013-6983

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6983	Trust: 2.0
url:	http://secunia.com/advisories/56273	Trust: 1.7
url:	http://www.securityfocus.com/bid/64551	Trust: 1.1
url:	http://osvdb.org/101514	Trust: 1.1
url:	http://www.securitytracker.com/id/1029547	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90011	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6983	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6983	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps6837/	Trust: 0.3

sources: VULHUB: VHN-66985 // BID: 64551 // JVNDB: JVNDB-2014-001001 // CNNVD: CNNVD-201312-587 // NVD: CVE-2013-6983

CREDITS

Cisco

Trust: 0.3

sources: BID: 64551

SOURCES

db:	VULHUB	id:	VHN-66985
db:	BID	id:	64551
db:	JVNDB	id:	JVNDB-2014-001001
db:	CNNVD	id:	CNNVD-201312-587
db:	NVD	id:	CVE-2013-6983

LAST UPDATE DATE

2025-04-11T22:53:10.039000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66985	date:	2017-08-29T00:00:00
db:	BID	id:	64551	date:	2013-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-001001	date:	2014-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201312-587	date:	2014-01-02T00:00:00
db:	NVD	id:	CVE-2013-6983	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66985	date:	2013-12-31T00:00:00
db:	BID	id:	64551	date:	2013-12-29T00:00:00
db:	JVNDB	id:	JVNDB-2014-001001	date:	2014-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201312-587	date:	2013-12-31T00:00:00
db:	NVD	id:	CVE-2013-6983	date:	2013-12-31T15:16:44.643