CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3407

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.0%

CVSS Severity

CVSS v2 Score 5.0

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3407
http://tools.cisco.com/security/center/viewAlert.x?alertId=31776
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3407
http://tools.cisco.com/security/center/viewAlert.x?alertId=31776

Products affected by CVE-2013-3407

Cisco » Server Provisioner » Version: 6.3.0

cpe:2.3:a:cisco:server_provisioner:6.3.0
Cisco » Server Provisioner » Version: 6.4.0

cpe:2.3:a:cisco:server_provisioner:6.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3407

Products

Pricing

Contact Us