Lucene search

[email protected]CVE-2013-1221

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1221

2022-10-0316:14:47

CWE-16

[email protected]

web.nvd.nist.gov

cisco

unified

customer voice portal

cvp

software

tomcat

web management

remote code execution

cve-2013-1221

nvd

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.5%

JSON

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.

Affected configurations

NVD

Node

ciscounified_customer_voice_portalRange≤9.0\(1\)

ciscounified_customer_voice_portalMatch3.0sr1

ciscounified_customer_voice_portalMatch3.0sr2

ciscounified_customer_voice_portalMatch3.6\(10\)es01

ciscounified_customer_voice_portalMatch4.0

ciscounified_customer_voice_portalMatch4.0\(2\)

ciscounified_customer_voice_portalMatch4.0\(2\)sr1

ciscounified_customer_voice_portalMatch4.1

ciscounified_customer_voice_portalMatch7.0

ciscounified_customer_voice_portalMatch7.0\(2\)

ciscounified_customer_voice_portalMatch8.0\(1\)

ciscounified_customer_voice_portalMatch8.5\(1\)

ciscounified_customer_voice_portalMatch9.0

CPENameOperatorVersion
cisco:unified_customer_voice_portalcisco unified customer voice portalle9.0\(1\)
cisco:unified_customer_voice_portalcisco unified customer voice portaleq3.0
cisco:unified_customer_voice_portalcisco unified customer voice portaleq3.6\(10\)
cisco:unified_customer_voice_portalcisco unified customer voice portaleq4.0
cisco:unified_customer_voice_portalcisco unified customer voice portaleq4.0\(2\)
cisco:unified_customer_voice_portalcisco unified customer voice portaleq4.1
cisco:unified_customer_voice_portalcisco unified customer voice portaleq7.0
cisco:unified_customer_voice_portalcisco unified customer voice portaleq7.0\(2\)
cisco:unified_customer_voice_portalcisco unified customer voice portaleq8.0\(1\)
cisco:unified_customer_voice_portalcisco unified customer voice portaleq8.5\(1\)

CPE	Name	Operator	Version
cisco:unified_customer_voice_portal	cisco unified customer voice portal	le	9.0\(1\)
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	3.0
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	3.6\(10\)
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	4.0
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	4.0\(2\)
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	4.1
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	7.0
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	7.0\(2\)
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	8.0\(1\)
cisco:unified_customer_voice_portal	cisco unified customer voice portal	eq	8.5\(1\)