VAR-201306-0174
Vulnerability from variot - Updated: 2025-04-11 23:18The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. Vendors have confirmed this vulnerability Bug ID CSCuh64574 It is released as.A third party may enumerate directories and files through crafted requests. Cisco Prime Central for Hosted Collaboration Solution is prone to a remote information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCuh64574. Cisco Prime Central for Hosted Collaboration Solution 9.1.1 and prior are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis. The vulnerability stems from a request for an arbitrary pathname. The program returns a different response depending on whether the requested pathname exists
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201306-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime central for hosted collaboration solution",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "prime central for hcs assurance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1"
},
{
"model": "prime central for hcs assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1"
},
{
"model": "prime central for hcs assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "prime central for hcs assurance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
}
],
"sources": [
{
"db": "BID",
"id": "60821"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:prime_central_for_hosted_collaboration_solution_assurance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "60821"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3398",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-63400",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3398",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3398",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201306-491",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63400",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63400"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574. Vendors have confirmed this vulnerability Bug ID CSCuh64574 It is released as.A third party may enumerate directories and files through crafted requests. Cisco Prime Central for Hosted Collaboration Solution is prone to a remote information-disclosure vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information. This may result in further attacks. \nThis issue is tracked by Cisco Bug ID CSCuh64574. \nCisco Prime Central for Hosted Collaboration Solution 9.1.1 and prior are vulnerable. The platform provides functions such as secure access authentication and real-time fault analysis. The vulnerability stems from a request for an arbitrary pathname. The program returns a different response depending on whether the requested pathname exists",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3398"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "BID",
"id": "60821"
},
{
"db": "VULHUB",
"id": "VHN-63400"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3398",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130626 CISCO PRIME FOR HCS ASSURANCE INFORMATION DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "60821",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63400"
},
{
"db": "BID",
"id": "60821"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"id": "VAR-201306-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63400"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:18:54.674000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Prime for HCS Assurance Information Disclosure Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3398"
},
{
"title": "29801",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=29801"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63400"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3398"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3398"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3398"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps12491/index.html"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=29801"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63400"
},
{
"db": "BID",
"id": "60821"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63400"
},
{
"db": "BID",
"id": "60821"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-26T00:00:00",
"db": "VULHUB",
"id": "VHN-63400"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60821"
},
{
"date": "2013-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"date": "2013-06-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"date": "2013-06-26T21:55:04.360000",
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-06-27T00:00:00",
"db": "VULHUB",
"id": "VHN-63400"
},
{
"date": "2013-06-26T00:00:00",
"db": "BID",
"id": "60821"
},
{
"date": "2013-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003147"
},
{
"date": "2013-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201306-491"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime for HCS Assurance of Web Directory and file enumeration vulnerability in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003147"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201306-491"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…