ID

VAR-201311-0075


CVE

CVE-2013-3407


TITLE

Vulnerability in the Cisco Server Provisioner Web Interface That Allows Important Information to Be Obtained

Trust: 0.8

sources: JVNDB: JVNDB-2013-005151

DESCRIPTION

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. The vendor has confirmed this vulnerability and released it as Bug ID CSCug65664. A third party may obtain important information through a direct request. Cisco Server Provisioner Software is prone to an access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to gain access to certain arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCug65664. The software supports systems that automate provisioning, recovery, and cloning of servers, reducing deployment time and operating costs.

Trust: 1.98

sources: NVD: CVE-2013-3407 // JVNDB: JVNDB-2013-005151 // BID: 63730 // VULHUB: VHN-63409

AFFECTED PRODUCTS

vendor: cisco // model: server provisioner // scope: eq // version: 6.3.0

Trust: 1.6

vendor: cisco // model: server provisioner // scope: eq // version: 6.4.0

Trust: 1.6

vendor: cisco // model: server provisioner // scope: lte // version: 6.4.0

Trust: 1.0

vendor: cisco // model: server provisioner // scope: lte // version: 6.4.0 patch 5-1301292331

Trust: 0.8

sources: JVNDB: JVNDB-2013-005151 // CNNVD: CNNVD-201311-236 // NVD: CVE-2013-3407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3407
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3407
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63409
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3407
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63409
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63409 // JVNDB: JVNDB-2013-005151 // CNNVD: CNNVD-201311-236 // NVD: CVE-2013-3407

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63409 // JVNDB: JVNDB-2013-005151 // NVD: CVE-2013-3407

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201311-236

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201311-236

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005151

PATCH

title: Cisco Server Provisioner Web Interface Information Disclosure Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3407

Trust: 0.8

title: 31776 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31776

Trust: 0.8

sources: JVNDB: JVNDB-2013-005151

EXTERNAL IDS

db: NVD // id: CVE-2013-3407

Trust: 2.8

db: JVNDB // id: JVNDB-2013-005151

Trust: 0.8

db: CNNVD // id: CNNVD-201311-236

Trust: 0.7

db: CISCO // id: 20131114 CISCO SERVER PROVISIONER WEB INTERFACE INFORMATION DISCLOSURE VULNERABILITY

Trust: 0.6

db: BID // id: 63730

Trust: 0.4

db: VULHUB // id: VHN-63409

Trust: 0.1

sources: VULHUB: VHN-63409 // BID: 63730 // JVNDB: JVNDB-2013-005151 // CNNVD: CNNVD-201311-236 // NVD: CVE-2013-3407

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3407

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=31776

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3407

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3407

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-63409 // BID: 63730 // JVNDB: JVNDB-2013-005151 // CNNVD: CNNVD-201311-236 // NVD: CVE-2013-3407

CREDITS

Cisco

Trust: 0.3

sources: BID: 63730

SOURCES

db: VULHUB // id: VHN-63409
db: BID // id: 63730
db: JVNDB // id: JVNDB-2013-005151
db: CNNVD // id: CNNVD-201311-236
db: NVD // id: CVE-2013-3407

LAST UPDATE DATE

2025-04-11T23:15:24.419000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63409 // date: 2013-11-19T00:00:00
db: BID // id: 63730 // date: 2013-11-19T01:08:00
db: JVNDB // id: JVNDB-2013-005151 // date: 2013-11-20T00:00:00
db: CNNVD // id: CNNVD-201311-236 // date: 2013-11-21T00:00:00
db: NVD // id: CVE-2013-3407 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63409 // date: 2013-11-18T00:00:00
db: BID // id: 63730 // date: 2013-11-14T00:00:00
db: JVNDB // id: JVNDB-2013-005151 // date: 2013-11-20T00:00:00
db: CNNVD // id: CNNVD-201311-236 // date: 2013-11-21T00:00:00
db: NVD // id: CVE-2013-3407 // date: 2013-11-18T03:55:05.570