Vulnerability Description
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Ip Phone Firmware | - |
| Cisco | Unified Ip Phone 8961 | All versions |
| Cisco | Unified Ip Phone 9951 | All versions |
| Cisco | Unified Ip Phone 9971 | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685Vendor Advisory
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685Vendor Advisory
FAQ
What is CVE-2013-6685?
CVE-2013-6685 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its ...
How severe is CVE-2013-6685?
CVE-2013-6685 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6685?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Ip Phone Firmware, Cisco Unified Ip Phone 8961, Cisco Unified Ip Phone 9951, Cisco Unified Ip Phone 9971.