VAR-201310-0203
Vulnerability from variot - Updated: 2025-04-11 22:55The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. This issue is being tracked by Cisco bug IDs CSCuh33735 and CSCuh34230. The platform provides functions such as secure access authentication and real-time fault analysis. A remote attacker could exploit this vulnerability by accessing a file to obtain credentials and gain access to internal application components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0203",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime central for hosted collaboration solution",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "prime central for hcs assurance",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "9.2.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:prime_central_for_hosted_collaboration_solution_assurance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "62924"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CVE-2013-3409",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "VHN-63411",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3409",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63411",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63411"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230. \nSuccessful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. \nThis issue is being tracked by Cisco bug IDs CSCuh33735 and CSCuh34230. The platform provides functions such as secure access authentication and real-time fault analysis. A remote attacker could exploit this vulnerability by accessing a file to obtain credentials and gain access to internal application components",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3409"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "BID",
"id": "62924"
},
{
"db": "VULHUB",
"id": "VHN-63411"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3409",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20131009 CISCO PRIME CENTRAL FOR HCS PORTAL CREDENTIALS ACCESS VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "62924",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63411",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63411"
},
{
"db": "BID",
"id": "62924"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"id": "VAR-201310-0203",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63411"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:55:55.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Prime Central for HCS Portal Credentials Access Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3409"
},
{
"title": "31202",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31202"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63411"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3409"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3409"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3409"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63411"
},
{
"db": "BID",
"id": "62924"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63411"
},
{
"db": "BID",
"id": "62924"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-63411"
},
{
"date": "2013-10-09T00:00:00",
"db": "BID",
"id": "62924"
},
{
"date": "2013-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"date": "2013-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"date": "2013-10-10T10:55:06.317000",
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-63411"
},
{
"date": "2013-10-09T00:00:00",
"db": "BID",
"id": "62924"
},
{
"date": "2013-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004590"
},
{
"date": "2013-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-141"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "62924"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hosted Collaboration Solution for Cisco Prime Central Vulnerabilities in which important information is obtained in the portal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-141"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…