CVE-2013-3431

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm	Vendor Advisory
http://www.securityfocus.com/bid/61431
http://www.securitytracker.com/id/1028827
https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm	Vendor Advisory
http://www.securityfocus.com/bid/61431
http://www.securitytracker.com/id/1028827
https://exchange.xforce.ibmcloud.com/vulnerabilities/85945

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:video_surveillance_manager::::::::
	cpe:2.3:a:cisco:video_surveillance_manager:1.1.0:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:1.2.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.0.0:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1.2:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1.3:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1.4:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1.6:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.1.7:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.3.0:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:2.3.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:4.0.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:4.2.0:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:4.2.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:6.3:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:6.3.1:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:::::::*
	cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr1::::::
	cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr2::::::
	cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr3::::::

History

21 Nov 2024, 01:53

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/61431 -~~	() http://www.securityfocus.com/bid/61431 -
References	~~() http://www.securitytracker.com/id/1028827 -~~	() http://www.securitytracker.com/id/1028827 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/85945 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/85945 -

Information

Published : 2013-07-25 15:53

Updated : 2025-04-11 00:51

NVD link : CVE-2013-3431

Mitre link : CVE-2013-3431

CVE.ORG link : CVE-2013-3431

JSON object : View

Products Affected

cisco

video_surveillance_manager

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-3431", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-25T15:53:16.233", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/61431", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1028827", "source": "psirt@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85945", "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/61431", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1028827", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85945", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169."}, {"lang": "es", "value": "Cisco Video Surveillance Manager (VSM) anteriores a v7.0.0 no requiere autenticaci\u00f3n para acceder a las p\u00e1ginas de monitorizaci\u00f3n, permitiendo que atacantes remotos obtengan configuraci\u00f3n sensible, archivos, e informaci\u00f3n de los log mediante vectores no especificados, relacionados con el paquete Cisco_VSBWT (tambi\u00e9n conocido como c\u00f3digo de ejemplo Broadware), tambi\u00e9n referenciado como Bug ID CSCsv40169."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD249B8-2081-483D-A371-E38BA9D895CE", "versionEndIncluding": "6.3.3"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C863918-442B-44F5-ABF1-0A209832BB99"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF417FA9-46DA-4547-9C8C-8D13D152BD57"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E292612-353A-425C-B6BB-456769A62C8F"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FE9386E-AE00-4FC4-BBA5-98A02FE530B8"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB2181A-A8D0-40F5-98E7-B56A604756FF"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDF94CF-DD9B-4469-BAD0-AC8FDAF6E22B"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABB39563-3E1C-4B00-B7BD-553425881957"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA29A6C0-D895-46D4-BB89-0E5BE3EFDA89"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10067FC4-429B-462D-B609-4706D69964A3"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6693F521-FB27-4025-8782-44706AC180D9"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "242EED01-3AC9-48D8-B860-E56DAD22CE70"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F597E6F7-C170-4B68-8601-6CEA2D4FE531"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF1C753D-BA59-458F-92E1-1E1C9E9921AD"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA7119A6-236F-4C9B-8A9C-19B5E434BB4E"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0E37235-B44C-4981-9152-4F969F240862"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB98F7B-29B9-4C4D-AE4C-AFB5D50EBD51"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F46AF1F-C993-43F4-A5EA-5219139FBFD1"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4982588-DCE4-4BD6-A0B1-FAB860A52C26"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "873923F0-05AB-40D1-81A8-7AB02CFFAD56"}, {"criteria": "cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F705FECE-EF41-4A2B-93CB-F88039A82DFF"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}

7.8 /10