Details of VAR-201309-0150

ID

VAR-201309-0150

CVE

CVE-2013-3417

TITLE

Cisco Video Surveillance Operations Manager Management Web Vulnerability to watch streaming video in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-004361

DESCRIPTION

The administrative web interface in Cisco Video Surveillance Operations Manager does not properly perform authentication, which allows remote attackers to watch video feeds via a crafted URL, aka Bug ID CSCtg72262. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCtg72262. This solution can provide secure configuration and management for web portal video, media server instances, cameras, etc. in the IP network

Trust: 1.98

sources: NVD: CVE-2013-3417 // JVNDB: JVNDB-2013-004361 // BID: 62719 // VULHUB: VHN-63419

AFFECTED PRODUCTS

vendor:	cisco	model:	video surveillance operations manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	video surveillance operations manager	scope:	lte	version:	6.3.2	Trust: 0.8
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	6.3.2	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	4.1.1	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	6.3	Trust: 0.3
vendor:	cisco	model:	video surveillance operations manager software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 62719 // JVNDB: JVNDB-2013-004361 // CNNVD: CNNVD-201310-094 // NVD: CVE-2013-3417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3417
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3417
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-094
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63419
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3417
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63419
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63419 // JVNDB: JVNDB-2013-004361 // CNNVD: CNNVD-201310-094 // NVD: CVE-2013-3417

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-63419 // JVNDB: JVNDB-2013-004361 // NVD: CVE-2013-3417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-094

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201310-094

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004361

PATCH

title:	Cisco Video Surveillance Operations Manager Unauthenticated Access to Camera Video Feeds Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3417	Trust: 0.8
title:	31015	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31015	Trust: 0.8

sources: JVNDB: JVNDB-2013-004361

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3417	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004361	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-094	Trust: 0.7
db:	CISCO	id:	20130927 CISCO VIDEO SURVEILLANCE OPERATIONS MANAGER UNAUTHENTICATED ACCESS TO CAMERA VIDEO FEEDS VULNERABILITY	Trust: 0.6
db:	BID	id:	62719	Trust: 0.4
db:	VULHUB	id:	VHN-63419	Trust: 0.1

sources: VULHUB: VHN-63419 // BID: 62719 // JVNDB: JVNDB-2013-004361 // CNNVD: CNNVD-201310-094 // NVD: CVE-2013-3417

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3417	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3417	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3417	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps9153/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31015	Trust: 0.3

sources: VULHUB: VHN-63419 // BID: 62719 // JVNDB: JVNDB-2013-004361 // CNNVD: CNNVD-201310-094 // NVD: CVE-2013-3417

CREDITS

Cisco

Trust: 0.3

sources: BID: 62719

SOURCES

db:	VULHUB	id:	VHN-63419
db:	BID	id:	62719
db:	JVNDB	id:	JVNDB-2013-004361
db:	CNNVD	id:	CNNVD-201310-094
db:	NVD	id:	CVE-2013-3417

LAST UPDATE DATE

2024-08-14T14:58:18.557000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63419	date:	2013-10-10T00:00:00
db:	BID	id:	62719	date:	2013-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-004361	date:	2013-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201310-094	date:	2013-10-16T00:00:00
db:	NVD	id:	CVE-2013-3417	date:	2013-10-10T16:54:36.517

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63419	date:	2013-09-30T00:00:00
db:	BID	id:	62719	date:	2013-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-004361	date:	2013-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201310-094	date:	2013-09-30T00:00:00
db:	NVD	id:	CVE-2013-3417	date:	2013-09-30T17:09:08.863