ID

VAR-201311-0074


CVE

CVE-2013-3406


TITLE

Arbitrary file read vulnerability in the Cisco Intelligent Automation for Cloud component of Cisco Services Portal

Trust: 0.8

sources: JVNDB: JVNDB-2013-005150

DESCRIPTION

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687. An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCug65687. The solution provides effective IT management in cloud environments and supports all cloud models as well as virtual and physical infrastructures.

Trust: 1.98

sources: NVD: CVE-2013-3406 // JVNDB: JVNDB-2013-005150 // BID: 63735 // VULHUB: VHN-63408

AFFECTED PRODUCTS

vendor: cisco, model: service portal, scope: eq, version: 9.4.1

Trust: 1.6

vendor: cisco, model: services portal, scope: eq, version: 9.4(.1)

Trust: 0.8

sources: JVNDB: JVNDB-2013-005150 // CNNVD: CNNVD-201311-235 // NVD: CVE-2013-3406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3406
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3406
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63408
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3406
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63408
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63408 // JVNDB: JVNDB-2013-005150 // CNNVD: CNNVD-201311-235 // NVD: CVE-2013-3406

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-63408 // JVNDB: JVNDB-2013-005150 // NVD: CVE-2013-3406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-235

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-235

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005150

PATCH

title: Cisco Services Portal File Download Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3406

Trust: 0.8

title: 31775
url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31775

Trust: 0.8

sources: JVNDB: JVNDB-2013-005150

EXTERNAL IDS

db: NVD, id: CVE-2013-3406

Trust: 2.8

db: JVNDB, id: JVNDB-2013-005150

Trust: 0.8

db: CNNVD, id: CNNVD-201311-235

Trust: 0.7

db: CISCO, id: 20131114 CISCO SERVICES PORTAL FILE DOWNLOAD VULNERABILITY

Trust: 0.6

db: BID, id: 63735

Trust: 0.4

db: VULHUB, id: VHN-63408

Trust: 0.1

sources: VULHUB: VHN-63408 // BID: 63735 // JVNDB: JVNDB-2013-005150 // CNNVD: CNNVD-201311-235 // NVD: CVE-2013-3406

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3406

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=31775

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3406

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3406

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-63408 // BID: 63735 // JVNDB: JVNDB-2013-005150 // CNNVD: CNNVD-201311-235 // NVD: CVE-2013-3406

CREDITS

Cisco

Trust: 0.3

sources: BID: 63735

SOURCES

db: VULHUB, id: VHN-63408
db: BID, id: 63735
db: JVNDB, id: JVNDB-2013-005150
db: CNNVD, id: CNNVD-201311-235
db: NVD, id: CVE-2013-3406

LAST UPDATE DATE

2025-04-11T22:48:32.785000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-63408, date: 2013-11-19T00:00:00
db: BID, id: 63735, date: 2013-11-19T01:16:00
db: JVNDB, id: JVNDB-2013-005150, date: 2013-11-20T00:00:00
db: CNNVD, id: CNNVD-201311-235, date: 2013-11-21T00:00:00
db: NVD, id: CVE-2013-3406, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-63408, date: 2013-11-18T00:00:00
db: BID, id: 63735, date: 2013-11-14T00:00:00
db: JVNDB, id: JVNDB-2013-005150, date: 2013-11-20T00:00:00
db: CNNVD, id: CNNVD-201311-235, date: 2013-11-21T00:00:00
db: NVD, id: CVE-2013-3406, date: 2013-11-18T03:55:05.540