Sign-up

ID

VAR-201309-0440


CVE

CVE-2013-5502


TITLE

Cisco MediaSense of Web Important query strings in the interface or Cookie Vulnerability to obtain information

Trust: 0.8

sources: JVNDB: JVNDB-2013-004280

DESCRIPTION

The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344. Vendors have confirmed this vulnerability Bug ID CSCuj23344 It is released as.Important query strings or Cookie Information may be obtained. Cisco MediaSense is prone to an information-disclosure vulnerability. A man-in-the-middle attacker may be able to exploit this issue to obtain sensitive information. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuj23344. Cisco MediaSense is a set of network-based scalable recording platform of Cisco (Cisco). The platform can be used to record speech and video, etc

Trust: 1.98

sources: NVD: CVE-2013-5502 // JVNDB: JVNDB-2013-004280 // BID: 62601 // VULHUB: VHN-65504

AFFECTED PRODUCTS

vendor:ciscomodel:mediasensescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:mediasensescope:lteversion:9.1(1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-004280 // CNNVD: CNNVD-201309-397 // NVD: CVE-2013-5502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5502
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5502
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-397
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65504
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5502
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65504
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65504 // JVNDB: JVNDB-2013-004280 // CNNVD: CNNVD-201309-397 // NVD: CVE-2013-5502

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65504 // JVNDB: JVNDB-2013-004280 // NVD: CVE-2013-5502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-397

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-397

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004280

PATCH
title:Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502
Trust: 0.8
title:30934url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30934
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004280

EXTERNAL IDS
db:NVDid:CVE-2013-5502
Trust: 2.8
db:OSVDBid:97532
Trust: 1.1
db:JVNDBid:JVNDB-2013-004280
Trust: 0.8
db:CNNVDid:CNNVD-201309-397
Trust: 0.7
db:CISCOid:20130920 CISCO MEDIASENSE SENSITIVE DATA IN QUERY STRING/COOKIE VULNERABILITY
Trust: 0.6
db:BIDid:62601
Trust: 0.4
db:VULHUBid:VHN-65504
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65504 // 
            
            
            
            BID: 62601 // 
            
            
            
            JVNDB: JVNDB-2013-004280 // 
            
            
            
            CNNVD: CNNVD-201309-397 // 
            
            
            
            NVD: CVE-2013-5502

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5502
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30934
Trust: 1.1
url:http://osvdb.org/97532
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5502
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5502
Trust: 0.8
sources:
            
            
            VULHUB: VHN-65504 // 
            
            
            
            JVNDB: JVNDB-2013-004280 // 
            
            
            
            CNNVD: CNNVD-201309-397 // 
            
            
            
            NVD: CVE-2013-5502

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62601

SOURCES
db:VULHUBid:VHN-65504
db:BIDid:62601
db:JVNDBid:JVNDB-2013-004280
db:CNNVDid:CNNVD-201309-397
db:NVDid:CVE-2013-5502

LAST UPDATE DATE
2024-11-23T22:18:44.188000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65504date:2016-09-20T00:00:00
db:BIDid:62601date:2013-09-25T00:15:00
db:JVNDBid:JVNDB-2013-004280date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-397date:2013-09-24T00:00:00
db:NVDid:CVE-2013-5502date:2024-11-21T01:57:35.913

SOURCES RELEASE DATE
db:VULHUBid:VHN-65504date:2013-09-23T00:00:00
db:BIDid:62601date:2013-09-23T00:00:00
db:JVNDBid:JVNDB-2013-004280date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-397date:2013-09-24T00:00:00
db:NVDid:CVE-2013-5502date:2013-09-23T10:18:59.207