Vulnerability Details : CVE-2013-3431
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
Products affected by CVE-2013-3431
- cpe:2.3:a:cisco:video_surveillance_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr1:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr2:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr3:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3431
4.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3431
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2013-3431
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-3431
-
http://www.securityfocus.com/bid/61431
Cisco Video Surveillance Manager CVE-2013-3431 Remote Authentication Bypass Vulnerability
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm
Multiple Vulnerabilities in the Cisco Video Surveillance ManagerVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
Cisco Video Surveillance Manager CVE-2013-3431 information disclosure CVE-2013-3431 Vulnerability Report
-
http://www.securitytracker.com/id/1028827
Cisco Video Surveillance Manager Bugs Let Remote Users Obtain Potentially Sensitive Information - SecurityTracker
Jump to