Sign-up

ID

VAR-201306-0159


CVE

CVE-2013-3376


TITLE

Cisco Video Surveillance Operations Manager Open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002978

DESCRIPTION

Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This solution can provide secure configuration and management for web portal video, media server instances, cameras, etc. in the IP network

Trust: 1.98

sources: NVD: CVE-2013-3376 // JVNDB: JVNDB-2013-002978 // BID: 60522 // VULHUB: VHN-63378

AFFECTED PRODUCTS

vendor:ciscomodel:video surveillance operations managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:video surveillance operations managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:video surveillance operations manager softwarescope:eqversion:0

Trust: 0.3

sources: BID: 60522 // JVNDB: JVNDB-2013-002978 // CNNVD: CNNVD-201306-245 // NVD: CVE-2013-3376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3376
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3376
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-245
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63378
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3376
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63378
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63378 // JVNDB: JVNDB-2013-002978 // CNNVD: CNNVD-201306-245 // NVD: CVE-2013-3376

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-63378 // JVNDB: JVNDB-2013-002978 // NVD: CVE-2013-3376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-245

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201306-245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-002978

PATCH
title:Cisco Video Surveillance Operations Manager Help Page Allows Loading Remote Sitesurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3376
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-002978

EXTERNAL IDS
db:NVDid:CVE-2013-3376
Trust: 2.8
db:JVNDBid:JVNDB-2013-002978
Trust: 0.8
db:CNNVDid:CNNVD-201306-245
Trust: 0.7
db:CISCOid:20130612 CISCO VIDEO SURVEILLANCE OPERATIONS MANAGER HELP PAGE ALLOWS LOADING REMOTE SITES
Trust: 0.6
db:BIDid:60522
Trust: 0.4
db:VULHUBid:VHN-63378
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63378 // 
            
            
            
            BID: 60522 // 
            
            
            
            JVNDB: JVNDB-2013-002978 // 
            
            
            
            CNNVD: CNNVD-201306-245 // 
            
            
            
            NVD: CVE-2013-3376

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3376
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3376
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3376
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps9153/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63378 // 
            
            
            
            BID: 60522 // 
            
            
            
            JVNDB: JVNDB-2013-002978 // 
            
            
            
            CNNVD: CNNVD-201306-245 // 
            
            
            
            NVD: CVE-2013-3376

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 60522

SOURCES
db:VULHUBid:VHN-63378
db:BIDid:60522
db:JVNDBid:JVNDB-2013-002978
db:CNNVDid:CNNVD-201306-245
db:NVDid:CVE-2013-3376

LAST UPDATE DATE
2024-08-14T14:14:22.573000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63378date:2013-06-14T00:00:00
db:BIDid:60522date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-002978date:2013-06-17T00:00:00
db:CNNVDid:CNNVD-201306-245date:2013-06-18T00:00:00
db:NVDid:CVE-2013-3376date:2013-06-14T13:18:44.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-63378date:2013-06-14T00:00:00
db:BIDid:60522date:2013-06-12T00:00:00
db:JVNDBid:JVNDB-2013-002978date:2013-06-17T00:00:00
db:CNNVDid:CNNVD-201306-245date:2013-06-18T00:00:00
db:NVDid:CVE-2013-3376date:2013-06-14T13:07:29.493