CVE-2013-6688

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-6688
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

6.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:C/A:N

Exploitability : 6.8 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact NONE

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:3.3\(5\)sr2a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.1\(3\)sr4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.2.3sr2b:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:4.3\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(1b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(1c\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(2b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(3c\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(3d\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1\(3e\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.0\(1b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5\(1\)su5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(2a\)su3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.6\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:9.0\(1\):*:*:*:*:*:*:*
History

21 Nov 2024, 01:59

Type Values Removed Values Added
References () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 - Vendor Advisory () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6688 - Vendor Advisory
References () http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 - Vendor Advisory () http://tools.cisco.com/security/center/viewAlert.x?alertId=31759 - Vendor Advisory
Information

Published : 2013-11-18 03:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-6688

Mitre link : CVE-2013-6688

CVE.ORG link : CVE-2013-6688

JSON object : View

Products Affected

cisco

  • unified_communications_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')