Details of VAR-201307-0235

ID

VAR-201307-0235

CVE

CVE-2013-3408

TITLE

Cisco Virtualization Experience Client 6000 Vulnerability that can be obtained in the device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-003327

DESCRIPTION

The firmware on Cisco Virtualization Experience Client 6000 devices sets incorrect operating-system permissions, which allows local users to gain privileges via an unspecified sequence of commands, aka Bug ID CSCuc31764. Local attackers can exploit this issue to gain elevated privileges, which may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuc31764. The administrative web interface is a web management interface running on it

Trust: 1.98

sources: NVD: CVE-2013-3408 // JVNDB: JVNDB-2013-003327 // BID: 61027 // VULHUB: VHN-63410

AFFECTED PRODUCTS

vendor:	cisco	model:	virtualization experience client 6000 series	scope:	-	version:	-	Trust: 1.6
vendor:	cisco	model:	virtualization experience client 6000 series	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	virtualization experience client 6215	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	virtualization experience client 6000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	virtualization experience client 6215	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	virtualization experience client series	scope:	eq	version:	60000	Trust: 0.3

sources: BID: 61027 // JVNDB: JVNDB-2013-003327 // CNNVD: CNNVD-201307-214 // NVD: CVE-2013-3408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3408
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3408
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-214
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63410
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3408
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63410
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63410 // JVNDB: JVNDB-2013-003327 // CNNVD: CNNVD-201307-214 // NVD: CVE-2013-3408

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-63410 // JVNDB: JVNDB-2013-003327 // NVD: CVE-2013-3408

THREAT TYPE

local

Trust: 0.9

sources: BID: 61027 // CNNVD: CNNVD-201307-214

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-214

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003327

PATCH

title:	Cisco Virtualization Experience Client Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3408	Trust: 0.8
title:	29976	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29976	Trust: 0.8

sources: JVNDB: JVNDB-2013-003327

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3408	Trust: 2.8
db:	SECTRACK	id:	1028764	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003327	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-214	Trust: 0.7
db:	CISCO	id:	20130708 CISCO VIRTUALIZATION EXPERIENCE CLIENT PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	BID	id:	61027	Trust: 0.4
db:	VULHUB	id:	VHN-63410	Trust: 0.1

sources: VULHUB: VHN-63410 // BID: 61027 // JVNDB: JVNDB-2013-003327 // CNNVD: CNNVD-201307-214 // NVD: CVE-2013-3408

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3408	Trust: 2.0
url:	http://www.securitytracker.com/id/1028764	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3408	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3408	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps11976/tsd_products_support_series_home.html	Trust: 0.3

sources: VULHUB: VHN-63410 // BID: 61027 // JVNDB: JVNDB-2013-003327 // CNNVD: CNNVD-201307-214 // NVD: CVE-2013-3408

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 61027

SOURCES

db:	VULHUB	id:	VHN-63410
db:	BID	id:	61027
db:	JVNDB	id:	JVNDB-2013-003327
db:	CNNVD	id:	CNNVD-201307-214
db:	NVD	id:	CVE-2013-3408

LAST UPDATE DATE

2025-04-11T22:59:06.009000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63410	date:	2013-08-20T00:00:00
db:	BID	id:	61027	date:	2013-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-003327	date:	2013-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201307-214	date:	2014-02-26T00:00:00
db:	NVD	id:	CVE-2013-3408	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63410	date:	2013-07-10T00:00:00
db:	BID	id:	61027	date:	2013-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-003327	date:	2013-07-12T00:00:00
db:	CNNVD	id:	CNNVD-201307-214	date:	2013-07-10T00:00:00
db:	NVD	id:	CVE-2013-3408	date:	2013-07-10T21:55:00.930