Details of VAR-201306-0174

ID

VAR-201306-0174

CVE

CVE-2013-3398

TITLE

Cisco Prime for HCS Assurance of Web Directory and file enumeration vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-003147

DESCRIPTION

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. Vendors have confirmed this vulnerability Bug ID CSCuh64574 It is released as.A third party may enumerate directories and files through crafted requests. Cisco Prime Central for Hosted Collaboration Solution is prone to a remote information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCuh64574. Cisco Prime Central for Hosted Collaboration Solution 9.1.1 and prior are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis. The vulnerability stems from a request for an arbitrary pathname. The program returns a different response depending on whether the requested pathname exists

Trust: 1.98

sources: NVD: CVE-2013-3398 // JVNDB: JVNDB-2013-003147 // BID: 60821 // VULHUB: VHN-63400

AFFECTED PRODUCTS

vendor:	cisco	model:	prime central for hosted collaboration solution	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	prime central for hcs assurance	scope:	lte	version:	9.1.1	Trust: 0.8
vendor:	cisco	model:	prime central for hcs assurance	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	cisco	model:	prime central for hcs assurance	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	prime central for hcs assurance	scope:	eq	version:	8.6	Trust: 0.3

sources: BID: 60821 // JVNDB: JVNDB-2013-003147 // CNNVD: CNNVD-201306-491 // NVD: CVE-2013-3398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3398
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3398
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201306-491
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63400
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3398
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63400
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63400 // JVNDB: JVNDB-2013-003147 // CNNVD: CNNVD-201306-491 // NVD: CVE-2013-3398

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-63400 // JVNDB: JVNDB-2013-003147 // NVD: CVE-2013-3398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-491

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201306-491

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003147

PATCH

title:	Cisco Prime for HCS Assurance Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3398	Trust: 0.8
title:	29801	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29801	Trust: 0.8

sources: JVNDB: JVNDB-2013-003147

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3398	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-003147	Trust: 0.8
db:	CNNVD	id:	CNNVD-201306-491	Trust: 0.7
db:	CISCO	id:	20130626 CISCO PRIME FOR HCS ASSURANCE INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	BID	id:	60821	Trust: 0.4
db:	VULHUB	id:	VHN-63400	Trust: 0.1

sources: VULHUB: VHN-63400 // BID: 60821 // JVNDB: JVNDB-2013-003147 // CNNVD: CNNVD-201306-491 // NVD: CVE-2013-3398

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3398	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3398	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3398	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12491/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29801	Trust: 0.3

sources: VULHUB: VHN-63400 // BID: 60821 // JVNDB: JVNDB-2013-003147 // CNNVD: CNNVD-201306-491 // NVD: CVE-2013-3398

CREDITS

Cisco

Trust: 0.3

sources: BID: 60821

SOURCES

db:	VULHUB	id:	VHN-63400
db:	BID	id:	60821
db:	JVNDB	id:	JVNDB-2013-003147
db:	CNNVD	id:	CNNVD-201306-491
db:	NVD	id:	CVE-2013-3398

LAST UPDATE DATE

2025-04-11T23:18:54.674000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63400	date:	2013-06-27T00:00:00
db:	BID	id:	60821	date:	2013-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-003147	date:	2013-06-28T00:00:00
db:	CNNVD	id:	CNNVD-201306-491	date:	2013-07-03T00:00:00
db:	NVD	id:	CVE-2013-3398	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63400	date:	2013-06-26T00:00:00
db:	BID	id:	60821	date:	2013-06-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-003147	date:	2013-06-28T00:00:00
db:	CNNVD	id:	CNNVD-201306-491	date:	2013-06-26T00:00:00
db:	NVD	id:	CVE-2013-3398	date:	2013-06-26T21:55:04.360