Detections
Analytics
Cisco Video Surveillance Manager Multiple Vulnerabilities (cisco-sa-20130724-vsm)
high Nessus Plugin ID 69856
Language:
Synopsis
The remote host is missing a vendor-supplied security patch.Description
According to its self-reported version, the version of Cisco Video Surveillance Manager installed on the remote host is affected by multiple vulnerabilities :- The application is affected by a directory traversal vulnerability because Cisco VSM does not properly validate user-supplied input to the 'monitor/logselect.php' and 'read_log.jsp' scripts.
This can allow a remote, unauthorized attacker to gain access to arbitrary files on the remote host by sending a specially crafted request. (CVE-2013-3429)
- The application allows access to sensitive data without requiring authentication. Data such as configuration, monitoring pages archives, and system logs can be accessed by attackers without requiring authentication.
(CVE-2013-3430, CVE-2013-3431)
Solution
Upgrade to Cisco Video Surveillance Manager 7.0.0 or later.See Also
Plugin Details
Severity: High
ID: 69856
File Name: cisco-sa-20130724-vsm.nasl
Version: 1.7
Type: remote
Family: CISCO
Published: 9/12/2013
Updated: 3/27/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P
CVSS Score Source: CVE-2013-3430
CVSS v3
Risk Factor: High
Base Score: 8.6
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:cisco:video_surveillance_manager
Required KB Items: installed_sw/Cisco Video Surveillance Management Console
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 7/24/2013
Vulnerability Publication Date: 3/13/2013
Reference Information
CVE: CVE-2013-3429, CVE-2013-3430, CVE-2013-3431
CISCO-SA: cisco-sa-20130724-vsm