CVE-2013-3430
published 2013-07-25CVE-2013-3430: Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified…
PriorityP353critical9CVSS 2.0
AVNACLAuNCCIPAP
EXPLOIT
EPSS
8.27%
94.2th percentile
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | video_surveillance_manager | <= 6.3.3 | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
CVSS provenance
nvdv2.09.0CRITICALAV:N/AC:L/Au:N/C:C/I:P/A:P
vendor_cisco9.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco·2013-07-24·CVSS 9.0
CVE-2013-3429 [CRITICAL] CWE-22 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.
More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is available at
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco
CVE-2013-3430 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
CVE-2013-3430: Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html . Cisco has released software updates that address these vulnerabilities.
CWE: CWE-22, CWE-287, CWE-22, CWE-287
Bug IDs: CSCsv37163, CSCsv37288, CSCsv40169
GHSA
GHSA-2mp7-r7rc-5fh6: Cisco Video Surveillance Manager (VSM) before 7
ghsa_unreviewed·2022-05-17
CVE-2013-3430 [HIGH] CWE-287 GHSA-2mp7-r7rc-5fh6: Cisco Video Surveillance Manager (VSM) before 7
Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37288.
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61432http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85946http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61432http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85946
2013-07-25
Published