ID

VAR-201307-0219


CVE

CVE-2013-3431


TITLE

Vulnerability in Cisco Video Surveillance Manager that allows important settings, archives, and log information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-003512

DESCRIPTION

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. The vendor has confirmed this vulnerability and released it as Bug ID CSCsv40169. A third party may obtain important configuration, archive, and log information. Cisco Video Surveillance Manager is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain administrative control of the vulnerable device. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCsv40169. Versions prior to Cisco Video Surveillance Manager 7.0.0 are vulnerable. Cisco Video Surveillance Manager provides a browser-based user interface for collecting, managing, recording, archiving and categorizing video from multiple third-party video encoders and IP cameras. The vulnerability stems from the fact that the program does not require authentication for access to the VSMC monitoring pages.

Trust: 1.98

sources: NVD: CVE-2013-3431 // JVNDB: JVNDB-2013-003512 // BID: 61431 // VULHUB: VHN-63433

AFFECTED PRODUCTS

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3.2

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.2.0

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3.1

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 1.2.1

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.2.1

Trust: 1.6

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.4

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.3.0

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: lte // version: 6.3.3

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.7

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 4.0.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.3

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.6

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.3.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 1.1.0

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.0.0

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: eq // version: 2.1.2

Trust: 1.0

vendor: cisco // model: video surveillance manager // scope: lt // version: 7.0.0

Trust: 0.8

vendor: cisco // model: video surveillance manager // scope: eq // version: 6.3.3

Trust: 0.6

sources: JVNDB: JVNDB-2013-003512 // CNNVD: CNNVD-201307-507 // NVD: CVE-2013-3431

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3431
value: HIGH

Trust: 1.0

NVD: CVE-2013-3431
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-507
value: HIGH

Trust: 0.6

VULHUB: VHN-63433
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3431
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63433
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63433 // JVNDB: JVNDB-2013-003512 // CNNVD: CNNVD-201307-507 // NVD: CVE-2013-3431

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-63433 // JVNDB: JVNDB-2013-003512 // NVD: CVE-2013-3431

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-507

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201307-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003512

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63433

PATCH

title: 30093 // url: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30093

Trust: 0.8

title: cisco-sa-20130724-vsm // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm

Trust: 0.8

title: 30132 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30132

Trust: 0.8

sources: JVNDB: JVNDB-2013-003512

EXTERNAL IDS

db: NVD // id: CVE-2013-3431

Trust: 2.8

db: BID // id: 61431

Trust: 2.0

db: SECTRACK // id: 1028827

Trust: 1.1

db: JVNDB // id: JVNDB-2013-003512

Trust: 0.8

db: CNNVD // id: CNNVD-201307-507

Trust: 0.7

db: CISCO // id: 20130724 MULTIPLE VULNERABILITIES IN THE CISCO VIDEO SURVEILLANCE MANAGER

Trust: 0.6

db: EXPLOIT-DB // id: 24786

Trust: 0.1

db: VULHUB // id: VHN-63433

Trust: 0.1

sources: VULHUB: VHN-63433 // BID: 61431 // JVNDB: JVNDB-2013-003512 // CNNVD: CNNVD-201307-507 // NVD: CVE-2013-3431

REFERENCES

url:http://www.securityfocus.com/bid/61431

Trust: 1.7

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130724-vsm

Trust: 1.7

url:http://www.securitytracker.com/id/1028827

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85945

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3431

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3431

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-63433 // BID: 61431 // JVNDB: JVNDB-2013-003512 // CNNVD: CNNVD-201307-507 // NVD: CVE-2013-3431

CREDITS

Cisco

Trust: 0.9

sources: BID: 61431 // CNNVD: CNNVD-201307-507

SOURCES

db: VULHUB // id: VHN-63433
db: BID // id: 61431
db: JVNDB // id: JVNDB-2013-003512
db: CNNVD // id: CNNVD-201307-507
db: NVD // id: CVE-2013-3431

LAST UPDATE DATE

2024-08-14T13:48:28.466000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63433 // date: 2017-08-29T00:00:00
db: BID // id: 61431 // date: 2013-07-25T06:44:00
db: JVNDB // id: JVNDB-2013-003512 // date: 2013-07-26T00:00:00
db: CNNVD // id: CNNVD-201307-507 // date: 2013-07-26T00:00:00
db: NVD // id: CVE-2013-3431 // date: 2017-08-29T01:33:23.370

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63433 // date: 2013-07-25T00:00:00
db: BID // id: 61431 // date: 2013-07-24T00:00:00
db: JVNDB // id: JVNDB-2013-003512 // date: 2013-07-26T00:00:00
db: CNNVD // id: CNNVD-201307-507 // date: 2013-07-25T00:00:00
db: NVD // id: CVE-2013-3431 // date: 2013-07-25T15:53:16.233