Vulnerability Details CVE-2013-3431
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.046
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 7.8
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm
- http://www.securityfocus.com/bid/61431
- http://www.securitytracker.com/id/1028827
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm
- http://www.securityfocus.com/bid/61431
- http://www.securitytracker.com/id/1028827
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
Products affected by CVE-2013-3431
-
cpe:2.3:a:cisco:video_surveillance_manager:1.1.0
-
cpe:2.3:a:cisco:video_surveillance_manager:1.2.1
-
cpe:2.3:a:cisco:video_surveillance_manager:2.0.0
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1.2
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1.3
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1.4
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1.6
-
cpe:2.3:a:cisco:video_surveillance_manager:2.1.7
-
cpe:2.3:a:cisco:video_surveillance_manager:2.3.0
-
cpe:2.3:a:cisco:video_surveillance_manager:2.3.1
-
cpe:2.3:a:cisco:video_surveillance_manager:4.0.1
-
cpe:2.3:a:cisco:video_surveillance_manager:4.2.0
-
cpe:2.3:a:cisco:video_surveillance_manager:4.2.1
-
cpe:2.3:a:cisco:video_surveillance_manager:6.3
-
cpe:2.3:a:cisco:video_surveillance_manager:6.3.1
-
cpe:2.3:a:cisco:video_surveillance_manager:6.3.2
-
cpe:2.3:a:cisco:video_surveillance_manager:6.3.3