CVE-2013-3431
published 2013-07-25CVE-2013-3431: Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to…
PriorityP357high7.8CVSS 2.0
AVNACLAuNCCINAN
EXPLOIT
EPSS
9.26%
94.7th percentile
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | video_surveillance_manager | <= 6.3.3 | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
| cisco | video_surveillance_manager | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vendor_cisco9.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco·2013-07-24·CVSS 9.0
CVE-2013-3429 [CRITICAL] CWE-22 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system.
More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is available at
Cisco
Multiple Vulnerabilities in the Cisco Video Surveillance Manager
vendor_cisco
CVE-2013-3431 Multiple Vulnerabilities in the Cisco Video Surveillance Manager
CVE-2013-3431: Multiple Vulnerabilities in the Cisco Video Surveillance Manager
The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at http://www.cisco.com/en/US/products/ps10818/index.html . Cisco has released software updates that address these vulnerabilities.
CWE: CWE-22, CWE-287, CWE-22, CWE-287
Bug IDs: CSCsv37163, CSCsv37288, CSCsv40169
GHSA
GHSA-f4x4-q95w-jp8r: Cisco Video Surveillance Manager (VSM) before 7
ghsa_unreviewed·2022-05-17
CVE-2013-3431 [HIGH] CWE-287 GHSA-f4x4-q95w-jp8r: Cisco Video Surveillance Manager (VSM) before 7
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
No detection rules found.
No writeups or analysis indexed.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61431http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85945http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsmhttp://www.securityfocus.com/bid/61431http://www.securitytracker.com/id/1028827https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
2013-07-25
Published