VIR Vulnerability Intelligence Relay

CVE-2013-3431

high
Published 2013-07-25 · Modified 2026-04-29
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm

Application impact
VendorProductVersionsFixed
ciscovideo_surveillance_manager{"endIncluding":"6.3.3"}
ciscovideo_surveillance_manager1.1.0
ciscovideo_surveillance_manager1.2.1
ciscovideo_surveillance_manager2.0.0
ciscovideo_surveillance_manager2.1
ciscovideo_surveillance_manager2.1.2
ciscovideo_surveillance_manager2.1.3
ciscovideo_surveillance_manager2.1.4
ciscovideo_surveillance_manager2.1.6
ciscovideo_surveillance_manager2.1.7
ciscovideo_surveillance_manager2.3.0
ciscovideo_surveillance_manager2.3.1
ciscovideo_surveillance_manager4.0.1
ciscovideo_surveillance_manager4.2.0
ciscovideo_surveillance_manager4.2.1
ciscovideo_surveillance_manager6.3
ciscovideo_surveillance_manager6.3.1
ciscovideo_surveillance_manager6.3.2

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.