Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Central for Hosted Collaboration Solution Directory Traversal Vulnerability

Cisco-SA-20130501-CVE-2013-1156 · Medium · Published · Updated

A vulnerability in Cisco Prime Central for Hosted Collaboration Solution could allow an unauthenticated, remote attacker to view system files. The vulnerability is due to insufficient path traversal prevention. An attacker could exploit this vulnerability by submitting a crafted URL. An exploit could allow the attacker to view system files. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions in an attempt to persuade a user to follow the malicious link. Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1156
Cisco Bug IDsCSCud51034
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C
Product Names From Source
Cisco Prime Collaboration

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Prime Collaboration known_affected cisco_csaf CVE-2013-1156 1

Related Products

Product CVE Evidence
Cisco Prime Central CVE-2013-1156 Cisco OpenVuln
Cisco Prime Central for Hosted Collaboration Solution CVE-2013-1156 Cisco OpenVuln
Cisco Prime Collaboration CVE-2013-1156 Cisco OpenVuln