Sign-up

ID

VAR-201310-0203


CVE

CVE-2013-3409


TITLE

Hosted Collaboration Solution for Cisco Prime Central Vulnerabilities in which important information is obtained in the portal

Trust: 0.8

sources: JVNDB: JVNDB-2013-004590

DESCRIPTION

The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCuh33735 and CSCuh34230. The platform provides functions such as secure access authentication and real-time fault analysis. A remote attacker could exploit this vulnerability by accessing a file to obtain credentials and gain access to internal application components

Trust: 1.98

sources: NVD: CVE-2013-3409 // JVNDB: JVNDB-2013-004590 // BID: 62924 // VULHUB: VHN-63411

AFFECTED PRODUCTS

vendor:ciscomodel:prime central for hosted collaboration solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime central for hcs assurancescope:lteversion:9.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-004590 // CNNVD: CNNVD-201310-141 // NVD: CVE-2013-3409

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3409
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3409
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-141
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63411
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3409
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63411
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63411 // JVNDB: JVNDB-2013-004590 // CNNVD: CNNVD-201310-141 // NVD: CVE-2013-3409

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-63411 // JVNDB: JVNDB-2013-004590 // NVD: CVE-2013-3409

THREAT TYPE

local

Trust: 0.9

sources: BID: 62924 // CNNVD: CNNVD-201310-141

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201310-141

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004590

PATCH
title:Cisco Prime Central for HCS Portal Credentials Access Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3409
Trust: 0.8
title:31202url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31202
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004590

EXTERNAL IDS
db:NVDid:CVE-2013-3409
Trust: 2.8
db:JVNDBid:JVNDB-2013-004590
Trust: 0.8
db:CNNVDid:CNNVD-201310-141
Trust: 0.7
db:CISCOid:20131009 CISCO PRIME CENTRAL FOR HCS PORTAL CREDENTIALS ACCESS VULNERABILITY
Trust: 0.6
db:BIDid:62924
Trust: 0.4
db:VULHUBid:VHN-63411
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63411 // 
            
            
            
            BID: 62924 // 
            
            
            
            JVNDB: JVNDB-2013-004590 // 
            
            
            
            CNNVD: CNNVD-201310-141 // 
            
            
            
            NVD: CVE-2013-3409

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3409
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3409
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3409
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63411 // 
            
            
            
            BID: 62924 // 
            
            
            
            JVNDB: JVNDB-2013-004590 // 
            
            
            
            CNNVD: CNNVD-201310-141 // 
            
            
            
            NVD: CVE-2013-3409

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 62924

SOURCES
db:VULHUBid:VHN-63411
db:BIDid:62924
db:JVNDBid:JVNDB-2013-004590
db:CNNVDid:CNNVD-201310-141
db:NVDid:CVE-2013-3409

LAST UPDATE DATE
2025-04-11T22:55:55.434000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63411date:2013-10-10T00:00:00
db:BIDid:62924date:2013-10-09T00:00:00
db:JVNDBid:JVNDB-2013-004590date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-141date:2013-10-11T00:00:00
db:NVDid:CVE-2013-3409date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-63411date:2013-10-10T00:00:00
db:BIDid:62924date:2013-10-09T00:00:00
db:JVNDBid:JVNDB-2013-004590date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-141date:2013-10-11T00:00:00
db:NVDid:CVE-2013-3409date:2013-10-10T10:55:06.317