VAR-201311-0075
Vulnerability from variot - Updated: 2025-04-11 23:15The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. Vendors have confirmed this vulnerability Bug ID CSCug65664 It is released as.A third party may obtain important information through a direct request. Cisco Server Provisioner Software is prone to an access-bypass vulnerability. Successfully exploiting this issue may allow an attacker to gain access to certain arbitrary files. Information obtained may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCug65664. The software supports systems that automate provisioning, recovery, and cloning of servers, reducing deployment time and operating costs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "server provisioner",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.3.0"
},
{
"model": "server provisioner",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "server provisioner",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "6.4.0"
},
{
"model": "server provisioner",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "6.4.0 patch 5-1301292331"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:server_provisioner",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "63730"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2013-3407",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-63409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-3407",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-236",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63409",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63409"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. Vendors have confirmed this vulnerability Bug ID CSCug65664 It is released as.A third party may obtain important information through a direct request. Cisco Server Provisioner Software is prone to an access-bypass vulnerability. \nSuccessfully exploiting this issue may allow an attacker to gain access to certain arbitrary files. Information obtained may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCug65664. The software supports systems that automate provisioning, recovery, and cloning of servers, reducing deployment time and operating costs",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3407"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "BID",
"id": "63730"
},
{
"db": "VULHUB",
"id": "VHN-63409"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3407",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20131114 CISCO SERVER PROVISIONER WEB INTERFACE INFORMATION DISCLOSURE VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "63730",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63409",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63409"
},
{
"db": "BID",
"id": "63730"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"id": "VAR-201311-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63409"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:15:24.419000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Server Provisioner Web Interface Information Disclosure Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3407"
},
{
"title": "31776",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31776"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63409"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3407"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31776"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3407"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3407"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63409"
},
{
"db": "BID",
"id": "63730"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63409"
},
{
"db": "BID",
"id": "63730"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-18T00:00:00",
"db": "VULHUB",
"id": "VHN-63409"
},
{
"date": "2013-11-14T00:00:00",
"db": "BID",
"id": "63730"
},
{
"date": "2013-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"date": "2013-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"date": "2013-11-18T03:55:05.570000",
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-19T00:00:00",
"db": "VULHUB",
"id": "VHN-63409"
},
{
"date": "2013-11-19T01:08:00",
"db": "BID",
"id": "63730"
},
{
"date": "2013-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005151"
},
{
"date": "2013-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-236"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-3407"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Server Provisioner of Web Vulnerabilities that capture important information in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005151"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-236"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…