Sign-up

ID

VAR-201309-0232


CVE

CVE-2013-3469


TITLE

Cisco Mobility service Vulnerability to get unauthorized session in engine

Trust: 0.8

sources: JVNDB: JVNDB-2013-003953

DESCRIPTION

Cisco Mobility Services Engine does not properly set up the Oracle SSL service, which allows remote attackers to obtain an unauthenticated session to the database-replication port, and consequently obtain sensitive information, via an SSL connection, aka Bug ID CSCue50794. Cisco Mobility Services Engine is prone to a security-bypass vulnerability. Exploiting this issue could allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCue50794. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security bypass vulnerability exists in Cisco MSE due to a misconfigured Oracle SSL server

Trust: 1.98

sources: NVD: CVE-2013-3469 // JVNDB: JVNDB-2013-003953 // BID: 62091 // VULHUB: VHN-63471

AFFECTED PRODUCTS

vendor:ciscomodel:mobility services enginescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:mobility services enginescope:eqversion:7.0

Trust: 0.8

sources: JVNDB: JVNDB-2013-003953 // CNNVD: CNNVD-201308-539 // NVD: CVE-2013-3469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3469
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3469
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-539
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63471
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3469
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63471
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63471 // JVNDB: JVNDB-2013-003953 // CNNVD: CNNVD-201308-539 // NVD: CVE-2013-3469

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-63471 // JVNDB: JVNDB-2013-003953 // NVD: CVE-2013-3469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-539

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201308-539

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003953

PATCH
title:Cisco Mobility Services Engine Anonymous Login Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3469
Trust: 0.8
title:30617url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30617
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003953

EXTERNAL IDS
db:NVDid:CVE-2013-3469
Trust: 2.8
db:BIDid:62091
Trust: 2.0
db:SECTRACKid:1028972
Trust: 1.1
db:JVNDBid:JVNDB-2013-003953
Trust: 0.8
db:CNNVDid:CNNVD-201308-539
Trust: 0.7
db:CISCOid:20130830 CISCO MOBILITY SERVICES ENGINE ANONYMOUS LOGIN VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-63471
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63471 // 
            
            
            
            BID: 62091 // 
            
            
            
            JVNDB: JVNDB-2013-003953 // 
            
            
            
            CNNVD: CNNVD-201308-539 // 
            
            
            
            NVD: CVE-2013-3469

REFERENCES
url:http://www.securityfocus.com/bid/62091
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3469
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30617
Trust: 1.1
url:http://www.securitytracker.com/id/1028972
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3469
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3469
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63471 // 
            
            
            
            BID: 62091 // 
            
            
            
            JVNDB: JVNDB-2013-003953 // 
            
            
            
            CNNVD: CNNVD-201308-539 // 
            
            
            
            NVD: CVE-2013-3469

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 62091 // 
            
            
            
            CNNVD: CNNVD-201308-539

SOURCES
db:VULHUBid:VHN-63471
db:BIDid:62091
db:JVNDBid:JVNDB-2013-003953
db:CNNVDid:CNNVD-201308-539
db:NVDid:CVE-2013-3469

LAST UPDATE DATE
2024-08-14T15:03:40.494000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63471date:2016-11-04T00:00:00
db:BIDid:62091date:2013-09-04T02:11:00
db:JVNDBid:JVNDB-2013-003953date:2013-09-05T00:00:00
db:CNNVDid:CNNVD-201308-539date:2013-09-04T00:00:00
db:NVDid:CVE-2013-3469date:2016-11-04T19:52:43.463

SOURCES RELEASE DATE
db:VULHUBid:VHN-63471date:2013-09-04T00:00:00
db:BIDid:62091date:2013-08-30T00:00:00
db:JVNDBid:JVNDB-2013-003953date:2013-09-05T00:00:00
db:CNNVDid:CNNVD-201308-539date:2013-08-30T00:00:00
db:NVDid:CVE-2013-3469date:2013-09-04T03:24:36.997