CVE-2013-5533 — MEDIUM (6.0)

Vulnerability Description

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

CVSS Score

6.0

MEDIUM

AV:L/AC:H/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Unified Ip Phones 9900 Series Firmware	-
Cisco	Unified Ip Phone 9951	All versions
Cisco	Unified Ip Phone 9971	All versions

Related Weaknesses (CWE)

CWE-20

References

http://osvdb.org/98337
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533Vendor Advisory
http://www.securityfocus.com/bid/62943Third Party AdvisoryVDB Entry
http://osvdb.org/98337
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533Vendor Advisory
http://www.securityfocus.com/bid/62943Third Party AdvisoryVDB Entry

FAQ

What is CVE-2013-5533?

CVE-2013-5533 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.

How severe is CVE-2013-5533?

CVE-2013-5533 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-5533?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Ip Phones 9900 Series Firmware, Cisco Unified Ip Phone 9951, Cisco Unified Ip Phone 9971.