Sign-up

ID

VAR-201307-0214


CVE

CVE-2013-3430


TITLE

Cisco Video Surveillance Manager Vulnerabilities in capturing important configuration, archive, and log information

Trust: 0.8

sources: JVNDB: JVNDB-2013-003511

DESCRIPTION

Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288. Vendors report this vulnerability Bug ID CSCsv37288 Published as.Important settings, archives, and log information can be obtained by third parties. Cisco Video Surveillance Manager is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain administrative controls of the vulnerable device. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCsv37288. Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. It provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. The vulnerability is caused by the fact that the program does not require authentication

Trust: 1.98

sources: NVD: CVE-2013-3430 // JVNDB: JVNDB-2013-003511 // BID: 61432 // VULHUB: VHN-63432

AFFECTED PRODUCTS

vendor:ciscomodel:video surveillance managerscope:eqversion:6.3.2

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:4.2.1

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:1.1.0

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1.3

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1.6

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1.2

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:1.2.1

Trust: 1.6

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1.4

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:2.3.0

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:lteversion:6.3.3

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1.7

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:4.0.1

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:4.2.0

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:2.3.1

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:6.3.1

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:6.3

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:2.1

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:eqversion:2.0.0

Trust: 1.0

vendor:ciscomodel:video surveillance managerscope:ltversion:7.0.0

Trust: 0.8

vendor:ciscomodel:video surveillance managerscope:eqversion:6.3.3

Trust: 0.6

sources: JVNDB: JVNDB-2013-003511 // CNNVD: CNNVD-201307-506 // NVD: CVE-2013-3430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3430
value: HIGH

Trust: 1.0

NVD: CVE-2013-3430
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-506
value: CRITICAL

Trust: 0.6

VULHUB: VHN-63432
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3430
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63432
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63432 // JVNDB: JVNDB-2013-003511 // CNNVD: CNNVD-201307-506 // NVD: CVE-2013-3430

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

sources: VULHUB: VHN-63432 // NVD: CVE-2013-3430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-506

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201307-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003511

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-63432

PATCH
title:30093url:http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30093
Trust: 0.8
title:cisco-sa-20130724-vsmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm
Trust: 0.8
title:30131url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30131
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003511

EXTERNAL IDS
db:NVDid:CVE-2013-3430
Trust: 2.8
db:BIDid:61432
Trust: 2.0
db:SECTRACKid:1028827
Trust: 1.1
db:JVNDBid:JVNDB-2013-003511
Trust: 0.8
db:CNNVDid:CNNVD-201307-506
Trust: 0.7
db:CISCOid:20130724 MULTIPLE VULNERABILITIES IN THE CISCO VIDEO SURVEILLANCE MANAGER
Trust: 0.6
db:EXPLOIT-DBid:24786
Trust: 0.1
db:VULHUBid:VHN-63432
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63432 // 
            
            
            
            BID: 61432 // 
            
            
            
            JVNDB: JVNDB-2013-003511 // 
            
            
            
            CNNVD: CNNVD-201307-506 // 
            
            
            
            NVD: CVE-2013-3430

REFERENCES
url:http://www.securityfocus.com/bid/61432
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130724-vsm
Trust: 1.7
url:http://www.securitytracker.com/id/1028827
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85946
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3430
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3430
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63432 // 
            
            
            
            BID: 61432 // 
            
            
            
            JVNDB: JVNDB-2013-003511 // 
            
            
            
            CNNVD: CNNVD-201307-506 // 
            
            
            
            NVD: CVE-2013-3430

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 61432 // 
            
            
            
            CNNVD: CNNVD-201307-506

SOURCES
db:VULHUBid:VHN-63432
db:BIDid:61432
db:JVNDBid:JVNDB-2013-003511
db:CNNVDid:CNNVD-201307-506
db:NVDid:CVE-2013-3430

LAST UPDATE DATE
2024-08-14T13:48:28.403000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63432date:2017-08-29T00:00:00
db:BIDid:61432date:2013-07-25T06:44:00
db:JVNDBid:JVNDB-2013-003511date:2013-07-26T00:00:00
db:CNNVDid:CNNVD-201307-506date:2013-08-02T00:00:00
db:NVDid:CVE-2013-3430date:2017-08-29T01:33:23.307

SOURCES RELEASE DATE
db:VULHUBid:VHN-63432date:2013-07-25T00:00:00
db:BIDid:61432date:2013-07-24T00:00:00
db:JVNDBid:JVNDB-2013-003511date:2013-07-26T00:00:00
db:CNNVDid:CNNVD-201307-506date:2013-07-25T00:00:00
db:NVDid:CVE-2013-3430date:2013-07-25T15:53:16.217