Vulnerabilities > CVE-2013-3433 - Local Privilege Escalation vulnerability in Cisco Unified Communications Manager

CVSS 6.8 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

cisco

NVD

Published: 2013-07-18

Updated: 2017-11-18

Summary

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unified Communications Manager 7.1\(2A\) Cisco Unified Communications Manager 7.1\(2A\)Su1 Cisco Unified Communications Manager 7.1\(2B\) Cisco Unified Communications Manager 7.1\(2B\)Su1 Cisco Unified Communications Manager 7.1\(3\) Cisco Unified Communications Manager 7.1\(3A\) Cisco Unified Communications Manager 7.1\(3A\)Su1 Cisco Unified Communications Manager 7.1\(3A\)Su1A Cisco Unified Communications Manager 7.1\(3B\) Cisco Unified Communications Manager 7.1\(3B\)Su1 Cisco Unified Communications Manager 7.1\(3B\)Su2 Cisco Unified Communications Manager 7.1\(5\) Cisco Unified Communications Manager 7.1\(5\)Su1 Cisco Unified Communications Manager 7.1\(5\)Su1A Cisco Unified Communications Manager 7.1\(5A\) Cisco Unified Communications Manager 7.1\(5B\) Cisco Unified Communications Manager 7.1\(5B\)Su1 Cisco Unified Communications Manager 7.1\(5B\)Su1A Cisco Unified Communications Manager 7.1\(5B\)Su2 Cisco Unified Communications Manager 7.1\(5B\)Su3 Cisco Unified Communications Manager 7.1\(5B\)Su4 Cisco Unified Communications Manager 7.1\(5B\)Su5 Cisco Unified Communications Manager 7.1\(5B\)Su6 Cisco Unified Communications Manager 8.0 Cisco Unified Communications Manager 8.0\(1\) Cisco Unified Communications Manager 8.0\(2\) Cisco Unified Communications Manager 8.0\(2A\) Cisco Unified Communications Manager 8.0\(2B\) Cisco Unified Communications Manager 8.0\(2C\) Cisco Unified Communications Manager 8.0\(2C\)Su1 Cisco Unified Communications Manager 8.0\(3\) Cisco Unified Communications Manager 8.0\(3A\) Cisco Unified Communications Manager 8.0\(3A\)Su1 Cisco Unified Communications Manager 8.0\(3A\)Su2 Cisco Unified Communications Manager 8.0\(3A\)Su3 Cisco Unified Communications Manager 8.5 Cisco Unified Communications Manager 8.5\(1\) Cisco Unified Communications Manager 8.5\(1\)Su1 Cisco Unified Communications Manager 8.5\(1\)Su2 Cisco Unified Communications Manager 8.5\(1\)Su3 Cisco Unified Communications Manager 8.5\(1\)Su4 Cisco Unified Communications Manager 8.5\(1\)Su5 Cisco Unified Communications Manager 8.6 Cisco Unified Communications Manager 8.6\(1\) Cisco Unified Communications Manager 8.6\(1A\) Cisco Unified Communications Manager 8.6\(2\) Cisco Unified Communications Manager 8.6\(2A\) Cisco Unified Communications Manager 8.6\(2A\)Su1 Cisco Unified Communications Manager 8.6\(2A\)Su2 Cisco Unified Communications Manager 8.6\(2A\)Su3 Cisco Unified Communications Manager 8.6\(3\) Cisco Unified Communications Manager 8.6\(4\) Cisco Unified Communications Manager 9.0\(1\) Cisco Unified Communications Manager 9.1\(1\) Cisco Unified Communications Manager 9.1\(1A\) Cisco Unified Communications Manager 9.1.1\(A\)	56

Summary

Vulnerable Configurations

References