Details of VAR-201309-0233

ID

VAR-201309-0233

CVE

CVE-2013-3473

TITLE

Cisco Prime Central for Hosted Collaboration Solution Assurance of Web Vulnerability to get user name and password in the framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-004276

DESCRIPTION

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. Vendors have confirmed this vulnerability Bug ID CSCud32600 It is released as.By a third party HTTP User name and password may be obtained through the request. Cisco Prime Central for HCS Assurance is prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow an attacker to gain access to sensitive information on the affected system. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCud32600. The platform provides functions such as secure access authentication and real-time fault analysis

Trust: 1.98

sources: NVD: CVE-2013-3473 // JVNDB: JVNDB-2013-004276 // BID: 62489 // VULHUB: VHN-63475

AFFECTED PRODUCTS

vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	1.0.1	Trust: 1.6
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	1.0	Trust: 1.6
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	8.6	Trust: 1.6
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	9.0	Trust: 1.6
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	lte	version:	9.1	Trust: 1.0
vendor:	cisco	model:	prime central for hcs assurance	scope:	lte	version:	1.1	Trust: 0.8
vendor:	cisco	model:	prime central for hosted collaboration solution assurance	scope:	eq	version:	9.1	Trust: 0.6

sources: JVNDB: JVNDB-2013-004276 // CNNVD: CNNVD-201309-363 // NVD: CVE-2013-3473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3473
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-3473
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201309-363
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63475
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3473
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63475
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63475 // JVNDB: JVNDB-2013-004276 // CNNVD: CNNVD-201309-363 // NVD: CVE-2013-3473

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-63475 // JVNDB: JVNDB-2013-004276 // NVD: CVE-2013-3473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-363

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201309-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004276

PATCH

title:	30636	url:	http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=30636	Trust: 0.8
title:	cisco-sa-20130918-pc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc	Trust: 0.8
title:	30759	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30759	Trust: 0.8
title:	cisco-sa-20130918-pc	url:	http://www.cisco.com/cisco/web/support/JP/111/1119/1119824_cisco-sa-20130918-pc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004276

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3473	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004276	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-363	Trust: 0.7
db:	CISCO	id:	20130918 CISCO PRIME CENTRAL FOR HOSTED COLLABORATION SOLUTION ASSURANCE UNAUTHENTICATED USERNAME AND PASSWORD ENUMERATION VULNERABILITY	Trust: 0.6
db:	BID	id:	62489	Trust: 0.4
db:	VULHUB	id:	VHN-63475	Trust: 0.1

sources: VULHUB: VHN-63475 // BID: 62489 // JVNDB: JVNDB-2013-004276 // CNNVD: CNNVD-201309-363 // NVD: CVE-2013-3473

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130918-pc	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3473	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3473	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps12491/index.html	Trust: 0.3

sources: VULHUB: VHN-63475 // BID: 62489 // JVNDB: JVNDB-2013-004276 // CNNVD: CNNVD-201309-363 // NVD: CVE-2013-3473

CREDITS

Ben Williams of NCC Research

Trust: 0.3

sources: BID: 62489

SOURCES

db:	VULHUB	id:	VHN-63475
db:	BID	id:	62489
db:	JVNDB	id:	JVNDB-2013-004276
db:	CNNVD	id:	CNNVD-201309-363
db:	NVD	id:	CVE-2013-3473

LAST UPDATE DATE

2025-04-11T23:02:56.177000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63475	date:	2013-09-23T00:00:00
db:	BID	id:	62489	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004276	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-363	date:	2013-09-25T00:00:00
db:	NVD	id:	CVE-2013-3473	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63475	date:	2013-09-20T00:00:00
db:	BID	id:	62489	date:	2013-09-18T00:00:00
db:	JVNDB	id:	JVNDB-2013-004276	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-363	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-3473	date:	2013-09-20T18:55:09.830