CVE-2013-3429
published 2013-07-25CVE-2013-3429: Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted…
PriorityP352high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
10.19%
95.1th percentile
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | video_surveillance_manager | <= 6.3.3 | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vendor_cisco9.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco·2013-07-24·CVSS 9.0
CVE-2013-3429 [CRITICAL] CWE-22 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.
More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is available at
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco
CVE-2013-3429 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
CVE-2013-3429: Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html . Cisco has released software updates that address these vulnerabilities.
CWE: CWE-22, CWE-287, CWE-22, CWE-287
Bug IDs: CSCsv37163, CSCsv37288, CSCsv40169
GHSA
GHSA-jmpg-5mfj-649v: Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7
ghsa_unreviewed·2022-05-17
CVE-2013-3429 [HIGH] CWE-22 GHSA-jmpg-5mfj-649v: Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61430http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85947http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61430http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85947
2013-07-25
Published