Lucene search

K
cveCiscoCVE-2013-6685
HistoryNov 13, 2013 - 3:55 p.m.

CVE-2013-6685

2013-11-1315:55:04
CWE-264
cisco
web.nvd.nist.gov
30
cisco
ip phone
firmware
local users
privilege escalation
bug id
cscui04382
cve-2013-6685
nvd

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

64.8%

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.

Affected configurations

Nvd
Node
ciscounified_ip_phone_firmwareMatch-
AND
ciscounified_ip_phone_8961
OR
ciscounified_ip_phone_9951
OR
ciscounified_ip_phone_9971
VendorProductVersionCPE
ciscounified_ip_phone_firmware-cpe:2.3:o:cisco:unified_ip_phone_firmware:-:*:*:*:*:*:*:*
ciscounified_ip_phone_8961*cpe:2.3:h:cisco:unified_ip_phone_8961:*:*:*:*:*:*:*:*
ciscounified_ip_phone_9951*cpe:2.3:h:cisco:unified_ip_phone_9951:*:*:*:*:*:*:*:*
ciscounified_ip_phone_9971*cpe:2.3:h:cisco:unified_ip_phone_9971:*:*:*:*:*:*:*:*

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

64.8%

Related for CVE-2013-6685