CVE-2013-6685

CVE Database · CVE-2013-6685

CVE-2013-6685

· N/AModified

CVSS v3.1

N/A

EPSS

0.28%

Published

Nov 13, 2013

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.

Weaknesses (CWE)

CWE-264

Affected Products (4)

cisco · unified_ip_phone_firmwarevulnerable

cisco · unified_ip_phone_8961vulnerable

cisco · unified_ip_phone_9951vulnerable

cisco · unified_ip_phone_9971vulnerable

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs