Vulnslist

find the latest Cisco vulnerabilities

Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability

Cisco-SA-20130913-CVE-2013-5492 · Medium · Published · Updated

A vulnerability in the administration.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the affected software implements an insecure HTTP connection between a Cisco SocialMiner client and server when handling the administration.jsp page. An attacker could exploit this vulnerability with commonly available tools by intercepting HTTP traffic between the Cisco SocialMiner client and server. A successful exploit could allow the attacker to access sensitive information related to the authenticated user of the affected software. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit this vulnerability, an attacker must be in the position to capture HTTP traffic between a SocialMiner client and server. Typically, these systems would reside on trusted, internal networks, in which an attacker would likely need access. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-5492
Cisco Bug IDsCSCuh76780
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C
Product Names From Source
Cisco SocialMiner

CSAF Product Statuses

Product Status Source CVE Rows
Cisco SocialMiner known_affected cisco_csaf CVE-2013-5492 1

Related Products

Product CVE Evidence
Cisco SocialMiner CVE-2013-5492 Cisco OpenVuln