VIR Vulnerability Intelligence Relay

CVE-2013-6689

medium
Published 2013-11-18 · Modified 2026-04-29
CVSS v3
CVSS v2
6.9
VIR risk
6.9

Description

Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier allows local users to bypass file permissions, and read, modify, or create arbitrary files, via an "overload" of the command-line utility, aka Bug ID CSCui58229.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/viewAlert.x?alertId=31758

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6689

Application impact
VendorProductVersionsFixed
ciscounified_communications_manager{"endIncluding":"9.1\\(1\\)"}
ciscounified_communications_manager3.3\(5\)
ciscounified_communications_manager3.3\(5\)sr1
ciscounified_communications_manager3.3\(5\)sr2a
ciscounified_communications_manager4.1\(3\)
ciscounified_communications_manager4.1\(3\)sr1
ciscounified_communications_manager4.1\(3\)sr2
ciscounified_communications_manager4.1\(3\)sr3
ciscounified_communications_manager4.1\(3\)sr4
ciscounified_communications_manager4.2
ciscounified_communications_manager4.2.1
ciscounified_communications_manager4.2.2
ciscounified_communications_manager4.2.3
ciscounified_communications_manager4.2.3sr1
ciscounified_communications_manager4.2.3sr2
ciscounified_communications_manager4.2.3sr2b
ciscounified_communications_manager4.3
ciscounified_communications_manager4.3\(1\)
ciscounified_communications_manager5.0
ciscounified_communications_manager5.1
ciscounified_communications_manager5.1\(1\)
ciscounified_communications_manager5.1\(1b\)
ciscounified_communications_manager5.1\(1c\)
ciscounified_communications_manager5.1\(2\)
ciscounified_communications_manager5.1\(2a\)
ciscounified_communications_manager5.1\(2b\)
ciscounified_communications_manager5.1\(3\)
ciscounified_communications_manager5.1\(3a\)
ciscounified_communications_manager5.1\(3c\)
ciscounified_communications_manager5.1\(3d\)
ciscounified_communications_manager5.1\(3e\)
ciscounified_communications_manager5.1.2
ciscounified_communications_manager6.0
ciscounified_communications_manager6.0\(1\)
ciscounified_communications_manager6.0\(1a\)
ciscounified_communications_manager6.0\(1b\)
ciscounified_communications_manager6.1\(1\)
ciscounified_communications_manager6.1\(1a\)
ciscounified_communications_manager6.1\(1b\)
ciscounified_communications_manager6.1\(2\)
ciscounified_communications_manager6.1\(2\)su1
ciscounified_communications_manager6.1\(2\)su1a
ciscounified_communications_manager6.1\(3\)
ciscounified_communications_manager6.1\(3a\)
ciscounified_communications_manager6.1\(3b\)
ciscounified_communications_manager6.1\(3b\)su1
ciscounified_communications_manager6.1\(4\)
ciscounified_communications_manager6.1\(4\)su1
ciscounified_communications_manager6.1\(4a\)
ciscounified_communications_manager6.1\(4a\)su2
ciscounified_communications_manager6.1\(5\)
ciscounified_communications_manager6.1\(5\)su1
ciscounified_communications_manager6.1\(5\)su2
ciscounified_communications_manager6.1\(5\)su3
ciscounified_communications_manager7.0\(1\)su1
ciscounified_communications_manager7.0\(1\)su1a
ciscounified_communications_manager7.0\(2\)
ciscounified_communications_manager7.0\(2a\)
ciscounified_communications_manager7.0\(2a\)su1
ciscounified_communications_manager7.0\(2a\)su2
ciscounified_communications_manager7.1\(2a\)
ciscounified_communications_manager7.1\(2a\)su1
ciscounified_communications_manager7.1\(2b\)
ciscounified_communications_manager7.1\(2b\)su1
ciscounified_communications_manager7.1\(3\)
ciscounified_communications_manager7.1\(3a\)
ciscounified_communications_manager7.1\(3a\)su1
ciscounified_communications_manager7.1\(3a\)su1a
ciscounified_communications_manager7.1\(3b\)
ciscounified_communications_manager7.1\(3b\)su1
ciscounified_communications_manager7.1\(3b\)su2
ciscounified_communications_manager7.1\(5\)
ciscounified_communications_manager7.1\(5\)su1
ciscounified_communications_manager7.1\(5\)su1a
ciscounified_communications_manager7.1\(5a\)
ciscounified_communications_manager7.1\(5b\)
ciscounified_communications_manager7.1\(5b\)su1
ciscounified_communications_manager7.1\(5b\)su1a
ciscounified_communications_manager7.1\(5b\)su2
ciscounified_communications_manager7.1\(5b\)su3
ciscounified_communications_manager7.1\(5b\)su4
ciscounified_communications_manager7.1\(5b\)su5
ciscounified_communications_manager7.1\(5b\)su6
ciscounified_communications_manager8.0
ciscounified_communications_manager8.0\(1\)
ciscounified_communications_manager8.0\(2\)
ciscounified_communications_manager8.0\(2a\)
ciscounified_communications_manager8.0\(2b\)
ciscounified_communications_manager8.0\(2c\)
ciscounified_communications_manager8.0\(2c\)su1
ciscounified_communications_manager8.0\(3\)
ciscounified_communications_manager8.0\(3a\)
ciscounified_communications_manager8.0\(3a\)su1
ciscounified_communications_manager8.0\(3a\)su2
ciscounified_communications_manager8.0\(3a\)su3
ciscounified_communications_manager8.5
ciscounified_communications_manager8.5\(1\)
ciscounified_communications_manager8.5\(1\)su1
ciscounified_communications_manager8.5\(1\)su2
ciscounified_communications_manager8.5\(1\)su3
ciscounified_communications_manager8.5\(1\)su4
ciscounified_communications_manager8.5\(1\)su5
ciscounified_communications_manager8.6
ciscounified_communications_manager8.6\(1\)
ciscounified_communications_manager8.6\(1a\)
ciscounified_communications_manager8.6\(2\)
ciscounified_communications_manager8.6\(2a\)
ciscounified_communications_manager8.6\(2a\)su1
ciscounified_communications_manager8.6\(2a\)su2
ciscounified_communications_manager8.6\(2a\)su3
ciscounified_communications_manager8.6\(3\)
ciscounified_communications_manager8.6\(4\)
ciscounified_communications_manager9.0\(1\)

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.