Details of VAR-201306-0163

ID

VAR-201306-0163

CVE

CVE-2013-3380

TITLE

Cisco Secure Access Control System of Access Control Server Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-002974

DESCRIPTION

The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. Vendors have confirmed this vulnerability Bug ID CSCue79279 It is released as.Remotely authenticated users can obtain important information through direct requests. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCue79279. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Trust: 2.52

sources: NVD: CVE-2013-3380 // JVNDB: JVNDB-2013-002974 // CNVD: CNVD-2013-07330 // BID: 60514 // VULHUB: VHN-63382

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-07330

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.9	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.8	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.7	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.5	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.11	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.10	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.226	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.144	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.021	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.7	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.5	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40	Trust: 0.3

sources: CNVD: CNVD-2013-07330 // BID: 60514 // JVNDB: JVNDB-2013-002974 // CNNVD: CNNVD-201306-174 // NVD: CVE-2013-3380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3380
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3380
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-07330
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201306-174
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63382
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3380
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-07330
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-63382
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-07330 // VULHUB: VHN-63382 // JVNDB: JVNDB-2013-002974 // CNNVD: CNNVD-201306-174 // NVD: CVE-2013-3380

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-63382 // JVNDB: JVNDB-2013-002974 // NVD: CVE-2013-3380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-174

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201306-174

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002974

PATCH

title:	Cisco Access Control Server Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380	Trust: 0.8
title:	29629	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29629	Trust: 0.8
title:	Cisco Secure Access Control System (ACS) reports patches for viewing information disclosure vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/34599	Trust: 0.6

sources: CNVD: CNVD-2013-07330 // JVNDB: JVNDB-2013-002974

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3380	Trust: 3.4
db:	BID	id:	60514	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-002974	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-174	Trust: 0.7
db:	CNVD	id:	CNVD-2013-07330	Trust: 0.6
db:	CISCO	id:	20130610 CISCO ACCESS CONTROL SERVER PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-63382	Trust: 0.1

sources: CNVD: CNVD-2013-07330 // VULHUB: VHN-63382 // BID: 60514 // JVNDB: JVNDB-2013-002974 // CNNVD: CNNVD-201306-174 // NVD: CVE-2013-3380

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3380	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3380	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3380	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29629	Trust: 0.3

sources: CNVD: CNVD-2013-07330 // VULHUB: VHN-63382 // BID: 60514 // JVNDB: JVNDB-2013-002974 // CNNVD: CNNVD-201306-174 // NVD: CVE-2013-3380

CREDITS

Cisco

Trust: 0.3

sources: BID: 60514

SOURCES

db:	CNVD	id:	CNVD-2013-07330
db:	VULHUB	id:	VHN-63382
db:	BID	id:	60514
db:	JVNDB	id:	JVNDB-2013-002974
db:	CNNVD	id:	CNNVD-201306-174
db:	NVD	id:	CVE-2013-3380

LAST UPDATE DATE

2025-04-11T23:16:37.828000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-07330	date:	2013-08-29T00:00:00
db:	VULHUB	id:	VHN-63382	date:	2018-10-30T00:00:00
db:	BID	id:	60514	date:	2013-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002974	date:	2013-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201306-174	date:	2013-06-13T00:00:00
db:	NVD	id:	CVE-2013-3380	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-07330	date:	2013-06-17T00:00:00
db:	VULHUB	id:	VHN-63382	date:	2013-06-12T00:00:00
db:	BID	id:	60514	date:	2013-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002974	date:	2013-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201306-174	date:	2013-06-13T00:00:00
db:	NVD	id:	CVE-2013-3380	date:	2013-06-12T03:30:15.243