CVE-2013-3407

Severity

50%

Complexity

99%

Confidentiality

48%

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Cisco Server Provisioner 6.4.0

First reported 11 years ago

2013-11-18 03:55:00

Last updated 11 years ago

2013-11-19 18:57:00

Affected Software

Cisco Server Provisioner 6.4.0 Patch 1204040128

6.4.0

Cisco Server Provisioner 6.4.0 Patch 2-1112122225

6.4.0

Cisco Server Provisioner 6.4.0 Patch 3-1208021049

6.4.0

References

20131114 Cisco Server Provisioner Web Interface Information Disclosure Vulnerability

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=31776

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2013-3407

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 11 years ago

Last updated 11 years ago

Affected Software

Cisco Server Provisioner 6.4.0 Patch 1204040128

Cisco Server Provisioner 6.4.0 Patch 2-1112122225

Cisco Server Provisioner 6.4.0 Patch 3-1208021049

References

20131114 Cisco Server Provisioner Web Interface Information Disclosure Vulnerability

http://tools.cisco.com/security/center/viewAlert.x?alertId=31776

Stay updated

Get in touch