Details of VAR-201302-0396

ID

VAR-201302-0396

CVE

CVE-2013-1139

TITLE

Cisco Cloud Portal of nsAPI Vulnerabilities that capture important information in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-001699

DESCRIPTION

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. Cisco Cloud Portal of nsAPI The interface contains a vulnerability where information can be obtained. The problem is Bug ID CSCud81134 It is a problem.Crafted by remotely authenticated users URL You may get important information through. A successful exploit of this issue allows an attacker to gain access to certain local files. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug ID CSCud81134. Remote authentication attackers exploit this vulnerability to obtain sensitive information through specially crafted URLs

Trust: 1.98

sources: NVD: CVE-2013-1139 // JVNDB: JVNDB-2013-001699 // BID: 58174 // VULHUB: VHN-61141

AFFECTED PRODUCTS

vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3	Trust: 1.9
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3.2	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.1	Trust: 1.6
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.1 sp1 and sp2	Trust: 0.8
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.3 to 9.3.2	Trust: 0.8
vendor:	cisco	model:	cloud portal	scope:	eq	version:	9.4	Trust: 0.3

sources: BID: 58174 // JVNDB: JVNDB-2013-001699 // CNNVD: CNNVD-201302-584 // NVD: CVE-2013-1139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1139
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1139
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201302-584
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61141
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1139
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61141
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61141 // JVNDB: JVNDB-2013-001699 // CNNVD: CNNVD-201302-584 // NVD: CVE-2013-1139

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61141 // JVNDB: JVNDB-2013-001699 // NVD: CVE-2013-1139

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-584

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201302-584

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001699

PATCH

title:	Cisco Cloud Portal Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1139	Trust: 0.8
title:	28387	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28387	Trust: 0.8

sources: JVNDB: JVNDB-2013-001699

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1139	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-001699	Trust: 0.8
db:	CNNVD	id:	CNNVD-201302-584	Trust: 0.7
db:	NSFOCUS	id:	22755	Trust: 0.6
db:	SECUNIA	id:	52376	Trust: 0.6
db:	CISCO	id:	20130225 CISCO CLOUD PORTAL INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BID	id:	58174	Trust: 0.4
db:	VULHUB	id:	VHN-61141	Trust: 0.1

sources: VULHUB: VHN-61141 // BID: 58174 // JVNDB: JVNDB-2013-001699 // CNNVD: CNNVD-201302-584 // NVD: CVE-2013-1139

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1139	Trust: 2.0
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=28387	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1139	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1139	Trust: 0.8
url:	http://secunia.com/advisories/52376	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/22755	Trust: 0.6
url:	http://www.cisco.com/en/us/products/ps11927/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61141 // BID: 58174 // JVNDB: JVNDB-2013-001699 // CNNVD: CNNVD-201302-584 // NVD: CVE-2013-1139

CREDITS

Cisco

Trust: 0.3

sources: BID: 58174

SOURCES

db:	VULHUB	id:	VHN-61141
db:	BID	id:	58174
db:	JVNDB	id:	JVNDB-2013-001699
db:	CNNVD	id:	CNNVD-201302-584
db:	NVD	id:	CVE-2013-1139

LAST UPDATE DATE

2025-04-11T23:17:17.515000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61141	date:	2013-02-27T00:00:00
db:	BID	id:	58174	date:	2013-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-001699	date:	2013-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201302-584	date:	2013-03-01T00:00:00
db:	NVD	id:	CVE-2013-1139	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61141	date:	2013-02-27T00:00:00
db:	BID	id:	58174	date:	2013-02-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-001699	date:	2013-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201302-584	date:	2013-02-27T00:00:00
db:	NVD	id:	CVE-2013-1139	date:	2013-02-27T00:55:01.330