Sign-up

ID

VAR-201309-0154


CVE

CVE-2013-3446


TITLE

Cisco Digital Media Manager Login redirect page open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004094

DESCRIPTION

Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. This issue is tracked by Cisco Bug ID CSCub23849. This product manages and publishes digital media content

Trust: 1.98

sources: NVD: CVE-2013-3446 // JVNDB: JVNDB-2013-004094 // BID: 62337 // VULHUB: VHN-63448

AFFECTED PRODUCTS

vendor:ciscomodel:digital media managerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:digital media managerscope:eqversion:5.3

Trust: 1.1

sources: BID: 62337 // JVNDB: JVNDB-2013-004094 // CNNVD: CNNVD-201309-164 // NVD: CVE-2013-3446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3446
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3446
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-164
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63448
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3446
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63448
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63448 // JVNDB: JVNDB-2013-004094 // CNNVD: CNNVD-201309-164 // NVD: CVE-2013-3446

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-63448 // JVNDB: JVNDB-2013-004094 // NVD: CVE-2013-3446

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-164

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201309-164

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004094

PATCH
title:Cisco Digital Media System DMM Open Redirect Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3446
Trust: 0.8
title:30750url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30750
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004094

EXTERNAL IDS
db:NVDid:CVE-2013-3446
Trust: 2.8
db:JVNDBid:JVNDB-2013-004094
Trust: 0.8
db:CNNVDid:CNNVD-201309-164
Trust: 0.7
db:CISCOid:20130911 CISCO DIGITAL MEDIA SYSTEM DMM OPEN REDIRECT VULNERABILITY
Trust: 0.6
db:BIDid:62337
Trust: 0.4
db:VULHUBid:VHN-63448
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63448 // 
            
            
            
            BID: 62337 // 
            
            
            
            JVNDB: JVNDB-2013-004094 // 
            
            
            
            CNNVD: CNNVD-201309-164 // 
            
            
            
            NVD: CVE-2013-3446

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3446
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3446
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3446
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps6681/
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63448 // 
            
            
            
            BID: 62337 // 
            
            
            
            JVNDB: JVNDB-2013-004094 // 
            
            
            
            CNNVD: CNNVD-201309-164 // 
            
            
            
            NVD: CVE-2013-3446

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62337

SOURCES
db:VULHUBid:VHN-63448
db:BIDid:62337
db:JVNDBid:JVNDB-2013-004094
db:CNNVDid:CNNVD-201309-164
db:NVDid:CVE-2013-3446

LAST UPDATE DATE
2024-08-14T13:48:22.573000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63448date:2013-09-13T00:00:00
db:BIDid:62337date:2013-09-16T00:12:00
db:JVNDBid:JVNDB-2013-004094date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-164date:2013-09-16T00:00:00
db:NVDid:CVE-2013-3446date:2013-09-13T18:35:23.337

SOURCES RELEASE DATE
db:VULHUBid:VHN-63448date:2013-09-12T00:00:00
db:BIDid:62337date:2013-09-11T00:00:00
db:JVNDBid:JVNDB-2013-004094date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-164date:2013-09-16T00:00:00
db:NVDid:CVE-2013-3446date:2013-09-12T13:28:32.190