CVE-2013-6685 : The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissio

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.

Published 2013-11-13 15:55:05

Updated 2025-04-11 00:51:22

Source Cisco Systems, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-6685

Cisco » Unified Ip Phone 9951
cpe:2.3:h:cisco:unified_ip_phone_9951:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Ip Phone 9971
cpe:2.3:h:cisco:unified_ip_phone_9971:*:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Ip Phone Firmware » Version: N/A
cpe:2.3:o:cisco:unified_ip_phone_firmware:-:*:*:*:*:*:*:*
Matching versions
Cisco » Unified Ip Phone 8961
cpe:2.3:h:cisco:unified_ip_phone_8961:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-6685

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6685

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.6	MEDIUM	AV:L/AC:M/Au:S/C:C/I:C/A:C	2.7	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6685

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6685

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685

Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2013-6685

Products affected by CVE-2013-6685

Exploit prediction scoring system (EPSS) score for CVE-2013-6685

CVSS scores for CVE-2013-6685

CWE ids for CVE-2013-6685

References for CVE-2013-6685