Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Central for HCS Portal Credentials Access Vulnerability

Cisco-SA-20131010-CVE-2013-3409 · Medium · Published · Updated

A vulnerability in Cisco Prime Central for HCS portal could allow an authenticated, local attacker to retrieve the credentials for accounts. The vulnerability is due to plaintext logging of credentials to temporary files with inadequate permissions. An attacker could exploit this vulnerability by accessing the files to acquire credentials and using them to access internal application components, such as the database. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. An attacker would need to authenticate and have local access to the targeted device. This access requirement decreases the likelihood of a successful attack.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to contact the vendor regarding future updates and releases.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-3409
Cisco Bug IDsCSCuh33735, CSCuh34230
CVSS ScoreBase 4.3
Base 4.3 AV:L/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:C
Product Names From Source
Cisco Prime Central for Hosted Collaboration Solution

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Prime Central for Hosted Collaboration Solution known_affected cisco_csaf CVE-2013-3409 1

Related Products

Product CVE Evidence
Cisco Prime Central CVE-2013-3409 Cisco OpenVuln
Cisco Prime Central for Hosted Collaboration Solution CVE-2013-3409 Cisco OpenVuln