CVE-2013-6978: Infoleak
First published: Sat Dec 21 2013(Updated: )
The disaster recovery system (DRS) component in Cisco Unified Communications Manager (UCM) 9.1(1) and earlier allows remote authenticated users to obtain sensitive device information by reading "extraneous information" in HTML source code, aka Bug ID CSCuj39249.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager Session Management Edition | <=9.1\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =3.3\(5\) | |
| Cisco Unified Communications Manager Session Management Edition | =3.3\(5\)sr1 | |
| Cisco Unified Communications Manager Session Management Edition | =3.3\(5\)sr2a | |
| Cisco Unified Communications Manager Session Management Edition | =4.1\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr1 | |
| Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr3 | |
| Cisco Unified Communications Manager Session Management Edition | =4.1\(3\)sr4 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.1 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.3 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.3sr1 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2 | |
| Cisco Unified Communications Manager Session Management Edition | =4.2.3sr2b | |
| Cisco Unified Communications Manager Session Management Edition | =4.3 | |
| Cisco Unified Communications Manager Session Management Edition | =4.3\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.0 | |
| Cisco Unified Communications Manager Session Management Edition | =5.1 | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(1b\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(1c\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(2\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(2a\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(2b\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(3a\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(3c\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(3d\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1\(3e\) | |
| Cisco Unified Communications Manager Session Management Edition | =5.1.2 | |
| Cisco Unified Communications Manager Session Management Edition | =6.0 | |
| Cisco Unified Communications Manager Session Management Edition | =6.0\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.0\(1a\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.0\(1b\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(1a\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(1b\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(2\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(2\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(2\)su1a | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(3a\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(3b\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(3b\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(4\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(4\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(4a\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(4a\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(5\) | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =6.1\(5\)su3 | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(1\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(1\)su1a | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(2\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.0\(2a\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(2a\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(2a\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(2b\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(2b\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3a\)su1a | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(3b\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5\)su1a | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5a\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\) | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su1a | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su3 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su4 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su5 | |
| Cisco Unified Communications Manager Session Management Edition | =7.1\(5b\)su6 | |
| Cisco Unified Communications Manager Session Management Edition | =8.0 | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(2\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(2a\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(2b\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(2c\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(2c\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =8.0\(3a\)su3 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su3 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su4 | |
| Cisco Unified Communications Manager Session Management Edition | =8.5\(1\)su5 | |
| Cisco Unified Communications Manager Session Management Edition | =8.6 | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(1\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(1a\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(2\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su1 | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su2 | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(2a\)su3 | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(3\) | |
| Cisco Unified Communications Manager Session Management Edition | =8.6\(4\) | |
| Cisco Unified Communications Manager Session Management Edition | =9.0\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/101162
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6978
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32219
- http://www.securityfocus.com/bid/64421
- http://www.securitytracker.com/id/1029520
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89834
Frequently Asked Questions
What is the severity of CVE-2013-6978?
CVE-2013-6978 is classified as a medium severity vulnerability that allows remote authenticated users to access sensitive device information.
How do I fix CVE-2013-6978?
To mitigate CVE-2013-6978, it is recommended to upgrade to an updated version of Cisco Unified Communications Manager that resolves this vulnerability.
What types of devices are affected by CVE-2013-6978?
CVE-2013-6978 affects various versions of Cisco Unified Communications Manager including 9.1(1) and several earlier versions.
Who can exploit CVE-2013-6978?
The vulnerability can be exploited by remote authenticated users with access to the relevant Cisco Unified Communications Manager interface.
What information can be exposed by CVE-2013-6978?
CVE-2013-6978 can expose sensitive device information that is contained within the HTML source code of the application.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified communications manager session management edition
- version/cisco unified communications manager session management edition/9.1\(1\)
- version/cisco unified communications manager session management edition/3.3\(5\)
- version/cisco unified communications manager session management edition/3.3\(5\)sr1
- version/cisco unified communications manager session management edition/3.3\(5\)sr2a
- version/cisco unified communications manager session management edition/4.1\(3\)
- version/cisco unified communications manager session management edition/4.1\(3\)sr1
- version/cisco unified communications manager session management edition/4.1\(3\)sr2
- version/cisco unified communications manager session management edition/4.1\(3\)sr3
- version/cisco unified communications manager session management edition/4.1\(3\)sr4
- version/cisco unified communications manager session management edition/4.2
- version/cisco unified communications manager session management edition/4.2.1
- version/cisco unified communications manager session management edition/4.2.2
- version/cisco unified communications manager session management edition/4.2.3
- version/cisco unified communications manager session management edition/4.2.3sr1
- version/cisco unified communications manager session management edition/4.2.3sr2
- version/cisco unified communications manager session management edition/4.2.3sr2b
- version/cisco unified communications manager session management edition/4.3
- version/cisco unified communications manager session management edition/4.3\(1\)
- version/cisco unified communications manager session management edition/5.0
- version/cisco unified communications manager session management edition/5.1
- version/cisco unified communications manager session management edition/5.1\(1\)
- version/cisco unified communications manager session management edition/5.1\(1b\)
- version/cisco unified communications manager session management edition/5.1\(1c\)
- version/cisco unified communications manager session management edition/5.1\(2\)
- version/cisco unified communications manager session management edition/5.1\(2a\)
- version/cisco unified communications manager session management edition/5.1\(2b\)
- version/cisco unified communications manager session management edition/5.1\(3\)
- version/cisco unified communications manager session management edition/5.1\(3a\)
- version/cisco unified communications manager session management edition/5.1\(3c\)
- version/cisco unified communications manager session management edition/5.1\(3d\)
- version/cisco unified communications manager session management edition/5.1\(3e\)
- version/cisco unified communications manager session management edition/5.1.2
- version/cisco unified communications manager session management edition/6.0
- version/cisco unified communications manager session management edition/6.0\(1\)
- version/cisco unified communications manager session management edition/6.0\(1a\)
- version/cisco unified communications manager session management edition/6.0\(1b\)
- version/cisco unified communications manager session management edition/6.1\(1\)
- version/cisco unified communications manager session management edition/6.1\(1a\)
- version/cisco unified communications manager session management edition/6.1\(1b\)
- version/cisco unified communications manager session management edition/6.1\(2\)
- version/cisco unified communications manager session management edition/6.1\(2\)su1
- version/cisco unified communications manager session management edition/6.1\(2\)su1a
- version/cisco unified communications manager session management edition/6.1\(3\)
- version/cisco unified communications manager session management edition/6.1\(3a\)
- version/cisco unified communications manager session management edition/6.1\(3b\)
- version/cisco unified communications manager session management edition/6.1\(3b\)su1
- version/cisco unified communications manager session management edition/6.1\(4\)
- version/cisco unified communications manager session management edition/6.1\(4\)su1
- version/cisco unified communications manager session management edition/6.1\(4a\)
- version/cisco unified communications manager session management edition/6.1\(4a\)su2
- version/cisco unified communications manager session management edition/6.1\(5\)
- version/cisco unified communications manager session management edition/6.1\(5\)su1
- version/cisco unified communications manager session management edition/6.1\(5\)su2
- version/cisco unified communications manager session management edition/6.1\(5\)su3
- version/cisco unified communications manager session management edition/7.0\(1\)su1
- version/cisco unified communications manager session management edition/7.0\(1\)su1a
- version/cisco unified communications manager session management edition/7.0\(2\)
- version/cisco unified communications manager session management edition/7.0\(2a\)
- version/cisco unified communications manager session management edition/7.0\(2a\)su1
- version/cisco unified communications manager session management edition/7.0\(2a\)su2
- version/cisco unified communications manager session management edition/7.1\(2a\)
- version/cisco unified communications manager session management edition/7.1\(2a\)su1
- version/cisco unified communications manager session management edition/7.1\(2b\)
- version/cisco unified communications manager session management edition/7.1\(2b\)su1
- version/cisco unified communications manager session management edition/7.1\(3\)
- version/cisco unified communications manager session management edition/7.1\(3a\)
- version/cisco unified communications manager session management edition/7.1\(3a\)su1
- version/cisco unified communications manager session management edition/7.1\(3a\)su1a
- version/cisco unified communications manager session management edition/7.1\(3b\)
- version/cisco unified communications manager session management edition/7.1\(3b\)su1
- version/cisco unified communications manager session management edition/7.1\(3b\)su2
- version/cisco unified communications manager session management edition/7.1\(5\)
- version/cisco unified communications manager session management edition/7.1\(5\)su1
- version/cisco unified communications manager session management edition/7.1\(5\)su1a
- version/cisco unified communications manager session management edition/7.1\(5a\)
- version/cisco unified communications manager session management edition/7.1\(5b\)
- version/cisco unified communications manager session management edition/7.1\(5b\)su1
- version/cisco unified communications manager session management edition/7.1\(5b\)su1a
- version/cisco unified communications manager session management edition/7.1\(5b\)su2
- version/cisco unified communications manager session management edition/7.1\(5b\)su3
- version/cisco unified communications manager session management edition/7.1\(5b\)su4
- version/cisco unified communications manager session management edition/7.1\(5b\)su5
- version/cisco unified communications manager session management edition/7.1\(5b\)su6
- version/cisco unified communications manager session management edition/8.0
- version/cisco unified communications manager session management edition/8.0\(1\)
- version/cisco unified communications manager session management edition/8.0\(2\)
- version/cisco unified communications manager session management edition/8.0\(2a\)
- version/cisco unified communications manager session management edition/8.0\(2b\)
- version/cisco unified communications manager session management edition/8.0\(2c\)
- version/cisco unified communications manager session management edition/8.0\(2c\)su1
- version/cisco unified communications manager session management edition/8.0\(3\)
- version/cisco unified communications manager session management edition/8.0\(3a\)
- version/cisco unified communications manager session management edition/8.0\(3a\)su1
- version/cisco unified communications manager session management edition/8.0\(3a\)su2
- version/cisco unified communications manager session management edition/8.0\(3a\)su3
- version/cisco unified communications manager session management edition/8.5
- version/cisco unified communications manager session management edition/8.5\(1\)
- version/cisco unified communications manager session management edition/8.5\(1\)su1
- version/cisco unified communications manager session management edition/8.5\(1\)su2
- version/cisco unified communications manager session management edition/8.5\(1\)su3
- version/cisco unified communications manager session management edition/8.5\(1\)su4
- version/cisco unified communications manager session management edition/8.5\(1\)su5
- version/cisco unified communications manager session management edition/8.6
- version/cisco unified communications manager session management edition/8.6\(1\)
- version/cisco unified communications manager session management edition/8.6\(1a\)
- version/cisco unified communications manager session management edition/8.6\(2\)
- version/cisco unified communications manager session management edition/8.6\(2a\)
- version/cisco unified communications manager session management edition/8.6\(2a\)su1
- version/cisco unified communications manager session management edition/8.6\(2a\)su2
- version/cisco unified communications manager session management edition/8.6\(2a\)su3
- version/cisco unified communications manager session management edition/8.6\(3\)
- version/cisco unified communications manager session management edition/8.6\(4\)
- version/cisco unified communications manager session management edition/9.0\(1\)