Vulnerability Details : CVE-2013-1221
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
Vulnerability category: Execute code
Products affected by CVE-2013-1221
- cpe:2.3:a:cisco:unified_customer_voice_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:8.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:7.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:4.0\(2\):sr1:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr1:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:8.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:3.0:sr2:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_customer_voice_portal:3.6\(10\):es01:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1221
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1221
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-1221
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1221
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
Multiple Vulnerabilities in Cisco Unified Customer Voice Portal SoftwareVendor Advisory
Jump to