Lucene search

[email protected]CVE-2013-3409

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-3409

2022-10-0316:14:45

CWE-255

[email protected]

web.nvd.nist.gov

cve

2013

3409

cisco

prime central

hcs

cleartext credentials

vulnerability

bug ids

cscuh33735

cscuh34230

nvd

4.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak file permissions to read these files, aka Bug IDs CSCuh33735 and CSCuh34230.

Affected configurations

NVD

Node

ciscoprime_central_for_hosted_collaboration_solutionMatch-

CPENameOperatorVersion
cisco:prime_central_for_hosted_collaboration_solutioncisco prime central for hosted collaboration solutioneq-

CPE	Name	Operator	Version
cisco:prime_central_for_hosted_collaboration_solution	cisco prime central for hosted collaboration solution	eq	-

References

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3409

4.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-3409

cvelist1 cisco1 prion1 nvd1