Vulnslist


Cisco SocialMiner Sensitive Information GET Request Vulnerability

Cisco-SA-20130910-CVE-2013-5489 · Medium · Published · Updated

A vulnerability in some of the gadgets of Cisco SocialMiner could allow an unauthenticated, remote attacker to collect sensitive information. The vulnerability is due to sensitive information being transmitted within a gadget's GET request. An attacker could exploit this vulnerability by capturing the GET request of a SocialMiner gadget. An exploit could allow the attacker to collect sensitive information of the user authenticated to the affected system.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must be in a position to capture a GET request of a SocialMiner agent. Typically, these systems reside on trusted, internal networks, to which an attacker would likely need access. This access requirement decreases the likelihood of a successful exploit.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-5489
Cisco Bug IDs: CSCuh74125
CVSS Score: Base 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Product Names From Source: Cisco SocialMiner
