Sign-up

ID

VAR-201308-0223


CVE

CVE-2013-3457


TITLE

Cisco Finesse of Web Absolute path traversal vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-003687

DESCRIPTION

Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772. Cisco Finesse is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue is being tracked by Cisco BugId CSCug16772. The software improves call center service quality, improves customer experience, and increases agent satisfaction

Trust: 1.98

sources: NVD: CVE-2013-3457 // JVNDB: JVNDB-2013-003687 // BID: 61706 // VULHUB: VHN-63459

AFFECTED PRODUCTS

vendor:ciscomodel:finessescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:finessescope:lteversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-003687 // CNNVD: CNNVD-201308-156 // NVD: CVE-2013-3457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3457
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3457
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-156
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63459
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3457
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63459
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63459 // JVNDB: JVNDB-2013-003687 // CNNVD: CNNVD-201308-156 // NVD: CVE-2013-3457

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-63459 // JVNDB: JVNDB-2013-003687 // NVD: CVE-2013-3457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-156

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201308-156

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003687

PATCH
title:Cisco Finesse Directory Read Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3457
Trust: 0.8
title:30385url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30385
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003687

EXTERNAL IDS
db:NVDid:CVE-2013-3457
Trust: 2.8
db:SECTRACKid:1028896
Trust: 1.1
db:JVNDBid:JVNDB-2013-003687
Trust: 0.8
db:CNNVDid:CNNVD-201308-156
Trust: 0.7
db:CISCOid:20130809 CISCO FINESSE DIRECTORY READ VULNERABILITY
Trust: 0.6
db:BIDid:61706
Trust: 0.4
db:VULHUBid:VHN-63459
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63459 // 
            
            
            
            BID: 61706 // 
            
            
            
            JVNDB: JVNDB-2013-003687 // 
            
            
            
            CNNVD: CNNVD-201308-156 // 
            
            
            
            NVD: CVE-2013-3457

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3457
Trust: 1.7
url:http://www.securitytracker.com/id/1028896
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/86356
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3457
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3457
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63459 // 
            
            
            
            BID: 61706 // 
            
            
            
            JVNDB: JVNDB-2013-003687 // 
            
            
            
            CNNVD: CNNVD-201308-156 // 
            
            
            
            NVD: CVE-2013-3457

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 61706

SOURCES
db:VULHUBid:VHN-63459
db:BIDid:61706
db:JVNDBid:JVNDB-2013-003687
db:CNNVDid:CNNVD-201308-156
db:NVDid:CVE-2013-3457

LAST UPDATE DATE
2024-08-14T14:14:21.602000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63459date:2017-08-29T00:00:00
db:BIDid:61706date:2013-08-09T00:00:00
db:JVNDBid:JVNDB-2013-003687date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-156date:2013-08-22T00:00:00
db:NVDid:CVE-2013-3457date:2017-08-29T01:33:23.653

SOURCES RELEASE DATE
db:VULHUBid:VHN-63459date:2013-08-12T00:00:00
db:BIDid:61706date:2013-08-09T00:00:00
db:JVNDBid:JVNDB-2013-003687date:2013-08-13T00:00:00
db:CNNVDid:CNNVD-201308-156date:2013-08-22T00:00:00
db:NVDid:CVE-2013-3457date:2013-08-12T10:58:49.297