CVE-2013-1225
Severity Score
7.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366.
Cisco Unified Customer Voice Portal (CVP) Software anterior a v9.0.1 ES v11 permite a atacantes remotos leer ficheros arbitrarios a través de peticiones Resource Manager (1) HTTP ó (2) HTTPS que contienen una entidad externa junto con una referencia declarada, relacionada con un asunto XML External Entity (XEE), también conocido como Bug ID CSCub38366.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-01-11 CVE Reserved
- 2013-05-09 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp | 2013-05-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | <= 9.0\(1\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version " <= 9.0\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 3.0 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "3.0" | sr1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 3.0 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "3.0" | sr2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 3.6\(10\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "3.6\(10\)" | es01 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 4.0 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "4.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 4.0\(2\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "4.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 4.0\(2\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "4.0\(2\)" | sr1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 4.1 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "4.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 7.0 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "7.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 7.0\(2\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "7.0\(2\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 8.0\(1\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "8.0\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 8.5\(1\) Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "8.5\(1\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Customer Voice Portal Search vendor "Cisco" for product "Unified Customer Voice Portal" | 9.0 Search vendor "Cisco" for product "Unified Customer Voice Portal" and version "9.0" | - |
Affected
| ||||||