Sign-up

ID

VAR-201308-0222


CVE

CVE-2013-3455


TITLE

Cisco Finesse Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-003686

DESCRIPTION

Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732. Cisco Finesse Contains a vulnerability in which important information is obtained. Attackers can exploit this issue to gain access to sensitive information that may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCug16732. The software improves call center service quality, improves customer experience, and increases agent satisfaction

Trust: 1.98

sources: NVD: CVE-2013-3455 // JVNDB: JVNDB-2013-003686 // BID: 61707 // VULHUB: VHN-63457

AFFECTED PRODUCTS

vendor:ciscomodel:finessescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:finessescope:lteversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-003686 // CNNVD: CNNVD-201308-155 // NVD: CVE-2013-3455

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3455
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-155
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63457
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3455
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63457
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63457 // JVNDB: JVNDB-2013-003686 // CNNVD: CNNVD-201308-155 // NVD: CVE-2013-3455

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-63457 // JVNDB: JVNDB-2013-003686 // NVD: CVE-2013-3455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-155

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201308-155

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003686

PATCH
title:Cisco Finesse User Data in Query Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3455
Trust: 0.8
title:30386url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30386
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003686

EXTERNAL IDS
db:NVDid:CVE-2013-3455
Trust: 2.8
db:SECTRACKid:1028897
Trust: 1.1
db:JVNDBid:JVNDB-2013-003686
Trust: 0.8
db:CNNVDid:CNNVD-201308-155
Trust: 0.7
db:CISCOid:20130809 CISCO FINESSE USER DATA IN QUERY VULNERABILITY
Trust: 0.6
db:BIDid:61707
Trust: 0.4
db:VULHUBid:VHN-63457
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63457 // 
            
            
            
            BID: 61707 // 
            
            
            
            JVNDB: JVNDB-2013-003686 // 
            
            
            
            CNNVD: CNNVD-201308-155 // 
            
            
            
            NVD: CVE-2013-3455

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3455
Trust: 1.7
url:http://www.securitytracker.com/id/1028897
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86357
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3455
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3455
Trust: 0.8
sources:
            
            
            VULHUB: VHN-63457 // 
            
            
            
            JVNDB: JVNDB-2013-003686 // 
            
            
            
            CNNVD: CNNVD-201308-155 // 
            
            
            
            NVD: CVE-2013-3455

CREDITS
Reported by the vendor
Trust: 0.3
sources:
            
            
            BID: 61707

SOURCES
db:VULHUBid:VHN-63457
db:BIDid:61707
db:JVNDBid:JVNDB-2013-003686
db:CNNVDid:CNNVD-201308-155
db:NVDid:CVE-2013-3455

LAST UPDATE DATE
2024-08-14T14:40:25.587000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63457date:2017-08-29T00:00:00
db:BIDid:61707date:2013-08-09T00:00:00
db:JVNDBid:JVNDB-2013-003686date:2013-08-19T00:00:00
db:CNNVDid:CNNVD-201308-155date:2013-08-22T00:00:00
db:NVDid:CVE-2013-3455date:2017-08-29T01:33:23.590

SOURCES RELEASE DATE
db:VULHUBid:VHN-63457date:2013-08-12T00:00:00
db:BIDid:61707date:2013-08-09T00:00:00
db:JVNDBid:JVNDB-2013-003686date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-155date:2013-08-22T00:00:00
db:NVDid:CVE-2013-3455date:2013-08-12T10:58:49.253