ID

VAR-201307-0213


CVE

CVE-2013-3429


TITLE

Cisco Video Surveillance Manager vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2013-003510

DESCRIPTION

Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163. The vendor has confirmed this vulnerability and released it as Bug ID CSCsv37163. A third party may be able to read system files via a crafted URL. Exploiting this issue can allow an attacker to gain access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCsv37163. Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. Cisco Video Surveillance Manager provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. These vulnerabilities are caused by the program's failure to sanitize user-submitted input.

Trust: 1.98

sources: NVD: CVE-2013-3429 // JVNDB: JVNDB-2013-003510 // BID: 61430 // VULHUB: VHN-63431

AFFECTED PRODUCTS

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.4

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.2.1

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 1.1.0

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.3

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.7

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.6

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.3.0

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.0.0

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.2

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 1.2.1

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: lte // version: 6.3.3

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.0.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.2.0

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.3.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3.2

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: lt // version: 7.0.0

Trust: 0.8

sources: JVNDB: JVNDB-2013-003510 // CNNVD: CNNVD-201307-505 // NVD: CVE-2013-3429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3429
value: HIGH

Trust: 1.0

NVD: CVE-2013-3429
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-505
value: HIGH

Trust: 0.6

VULHUB: VHN-63431
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3429
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63431
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63431 // JVNDB: JVNDB-2013-003510 // CNNVD: CNNVD-201307-505 // NVD: CVE-2013-3429

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-63431 // JVNDB: JVNDB-2013-003510 // NVD: CVE-2013-3429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-505

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201307-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003510

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63431

PATCH

title: 30093 // url: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30093

Trust: 0.8

title: cisco-sa-20130724-vsm // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm

Trust: 0.8

title: 30130 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30130

Trust: 0.8

sources: JVNDB: JVNDB-2013-003510

EXTERNAL IDS

db: NVD // id: CVE-2013-3429

Trust: 2.8

db: BID // id: 61430

Trust: 2.0

db: SECTRACK // id: 1028827

Trust: 1.1

db: JVNDB // id: JVNDB-2013-003510

Trust: 0.8

db: CNNVD // id: CNNVD-201307-505

Trust: 0.7

db: CISCO // id: 20130724 MULTIPLE VULNERABILITIES IN THE CISCO VIDEO SURVEILLANCE MANAGER

Trust: 0.6

db: EXPLOIT-DB // id: 24786

Trust: 0.1

db: SEEBUG // id: SSVID-78475

Trust: 0.1

db: VULHUB // id: VHN-63431

Trust: 0.1

sources: VULHUB: VHN-63431 // BID: 61430 // JVNDB: JVNDB-2013-003510 // CNNVD: CNNVD-201307-505 // NVD: CVE-2013-3429

REFERENCES

url:http://www.securityfocus.com/bid/61430

Trust: 1.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130724-vsm

Trust: 1.7

url:http://www.securitytracker.com/id/1028827

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85947

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3429

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3429

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-63431 // BID: 61430 // JVNDB: JVNDB-2013-003510 // CNNVD: CNNVD-201307-505 // NVD: CVE-2013-3429

CREDITS

Cisco

Trust: 0.9

sources: BID: 61430 // CNNVD: CNNVD-201307-505

SOURCES

db: VULHUB // id: VHN-63431
db: BID // id: 61430
db: JVNDB // id: JVNDB-2013-003510
db: CNNVD // id: CNNVD-201307-505
db: NVD // id: CVE-2013-3429

LAST UPDATE DATE

2024-08-14T13:48:28.435000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63431 // date: 2017-08-29T00:00:00
db: BID // id: 61430 // date: 2013-07-24T00:00:00
db: JVNDB // id: JVNDB-2013-003510 // date: 2013-07-26T00:00:00
db: CNNVD // id: CNNVD-201307-505 // date: 2013-07-26T00:00:00
db: NVD // id: CVE-2013-3429 // date: 2017-08-29T01:33:23.247

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63431 // date: 2013-07-25T00:00:00
db: BID // id: 61430 // date: 2013-07-24T00:00:00
db: JVNDB // id: JVNDB-2013-003510 // date: 2013-07-26T00:00:00
db: CNNVD // id: CNNVD-201307-505 // date: 2013-07-25T00:00:00
db: NVD // id: CVE-2013-3429 // date: 2013-07-25T15:53:16.203