Sign-up

ID

VAR-201312-0456


CVE

CVE-2013-6708


TITLE

Cisco Cloud Portal Vulnerable to reading unspecified types of files

Trust: 0.8

sources: JVNDB: JVNDB-2013-005471

DESCRIPTION

Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. An attacker can exploit this issue to download arbitrary files. Information obtained may aid in further attacks. This issue being tracked by Cisco Bug IDs CSCuj08426 and CSCui60889

Trust: 1.98

sources: NVD: CVE-2013-6708 // JVNDB: JVNDB-2013-005471 // BID: 64163 // VULHUB: VHN-66710

AFFECTED PRODUCTS

vendor:ciscomodel:cloud portalscope:eqversion:9.4

Trust: 2.4

sources: JVNDB: JVNDB-2013-005471 // CNNVD: CNNVD-201312-171 // NVD: CVE-2013-6708

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6708
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6708
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201312-171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66710
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6708
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66710
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66710 // JVNDB: JVNDB-2013-005471 // CNNVD: CNNVD-201312-171 // NVD: CVE-2013-6708

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-66710 // JVNDB: JVNDB-2013-005471 // NVD: CVE-2013-6708

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-171

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201312-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005471

PATCH
title:Cisco Cloud Portal Unauthenticated File Download Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6708
Trust: 0.8
title:32094url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32094
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005471

EXTERNAL IDS
db:NVDid:CVE-2013-6708
Trust: 2.8
db:BIDid:64163
Trust: 1.4
db:OSVDBid:100730
Trust: 1.1
db:SECTRACKid:1029450
Trust: 1.1
db:JVNDBid:JVNDB-2013-005471
Trust: 0.8
db:CNNVDid:CNNVD-201312-171
Trust: 0.7
db:CISCOid:20131209 CISCO CLOUD PORTAL UNAUTHENTICATED FILE DOWNLOAD VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-66710
Trust: 0.1
sources:
            
            
            VULHUB: VHN-66710 // 
            
            
            
            BID: 64163 // 
            
            
            
            JVNDB: JVNDB-2013-005471 // 
            
            
            
            CNNVD: CNNVD-201312-171 // 
            
            
            
            NVD: CVE-2013-6708

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6708
Trust: 1.7
url:http://www.securityfocus.com/bid/64163
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32094
Trust: 1.1
url:http://osvdb.org/100730
Trust: 1.1
url:http://www.securitytracker.com/id/1029450
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/89492
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6708
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6708
Trust: 0.8
url:www.cisco.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-66710 // 
            
            
            
            BID: 64163 // 
            
            
            
            JVNDB: JVNDB-2013-005471 // 
            
            
            
            CNNVD: CNNVD-201312-171 // 
            
            
            
            NVD: CVE-2013-6708

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64163

SOURCES
db:VULHUBid:VHN-66710
db:BIDid:64163
db:JVNDBid:JVNDB-2013-005471
db:CNNVDid:CNNVD-201312-171
db:NVDid:CVE-2013-6708

LAST UPDATE DATE
2025-04-11T23:10:34.782000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-66710date:2017-08-29T00:00:00
db:BIDid:64163date:2013-12-10T10:17:00
db:JVNDBid:JVNDB-2013-005471date:2013-12-12T00:00:00
db:CNNVDid:CNNVD-201312-171date:2013-12-23T00:00:00
db:NVDid:CVE-2013-6708date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-66710date:2013-12-10T00:00:00
db:BIDid:64163date:2013-12-09T00:00:00
db:JVNDBid:JVNDB-2013-005471date:2013-12-12T00:00:00
db:CNNVDid:CNNVD-201312-171date:2013-12-23T00:00:00
db:NVDid:CVE-2013-6708date:2013-12-10T06:14:55.337