CVE-2013-3433

Untrusted search path vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02276.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
ciscounified_communications_manager
7.1\(2a\)
ciscounified_communications_manager
7.1\(2a\)su1
ciscounified_communications_manager
7.1\(2b\)
ciscounified_communications_manager
7.1\(2b\)su1
ciscounified_communications_manager
7.1\(3\)
ciscounified_communications_manager
7.1\(3a\)
ciscounified_communications_manager
7.1\(3a\)su1
ciscounified_communications_manager
7.1\(3a\)su1a
ciscounified_communications_manager
7.1\(3b\)
ciscounified_communications_manager
7.1\(3b\)su1
ciscounified_communications_manager
7.1\(3b\)su2
ciscounified_communications_manager
7.1\(5\)
ciscounified_communications_manager
7.1\(5\)su1
ciscounified_communications_manager
7.1\(5\)su1a
ciscounified_communications_manager
7.1\(5a\)
ciscounified_communications_manager
7.1\(5b\)
ciscounified_communications_manager
7.1\(5b\)su1
ciscounified_communications_manager
7.1\(5b\)su1a
ciscounified_communications_manager
7.1\(5b\)su2
ciscounified_communications_manager
7.1\(5b\)su3
ciscounified_communications_manager
7.1\(5b\)su4
ciscounified_communications_manager
7.1\(5b\)su5
ciscounified_communications_manager
7.1\(5b\)su6
ciscounified_communications_manager
8.0
ciscounified_communications_manager
8.0\(1\)
ciscounified_communications_manager
8.0\(2\)
ciscounified_communications_manager
8.0\(2a\)
ciscounified_communications_manager
8.0\(2b\)
ciscounified_communications_manager
8.0\(2c\)
ciscounified_communications_manager
8.0\(2c\)su1
ciscounified_communications_manager
8.0\(3\)
ciscounified_communications_manager
8.0\(3a\)
ciscounified_communications_manager
8.0\(3a\)su1
ciscounified_communications_manager
8.0\(3a\)su2
ciscounified_communications_manager
8.0\(3a\)su3
ciscounified_communications_manager
8.5
ciscounified_communications_manager
8.5\(1\)
ciscounified_communications_manager
8.5\(1\)su1
ciscounified_communications_manager
8.5\(1\)su2
ciscounified_communications_manager
8.5\(1\)su3
ciscounified_communications_manager
8.5\(1\)su4
ciscounified_communications_manager
8.5\(1\)su5
ciscounified_communications_manager
8.6
ciscounified_communications_manager
8.6\(1\)
ciscounified_communications_manager
8.6\(1a\)
ciscounified_communications_manager
8.6\(2\)
ciscounified_communications_manager
8.6\(2a\)
ciscounified_communications_manager
8.6\(2a\)su1
ciscounified_communications_manager
8.6\(2a\)su2
ciscounified_communications_manager
8.6\(2a\)su3
ciscounified_communications_manager
8.6\(3\)
ciscounified_communications_manager
8.6\(4\)
ciscounified_communications_manager
9.0\(1\)
ciscounified_communications_manager
9.1\(1\)
ciscounified_communications_manager
9.1.1\(a\)
𝑥
= Vulnerable software versions
References
http://osvdb.org/95404
http://secunia.com/advisories/54249
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
http://www.securityfocus.com/bid/61297
http://osvdb.org/95404
http://secunia.com/advisories/54249
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
http://www.securityfocus.com/bid/61297