CVE-2013-3473
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | prime_central_for_hosted_collaboration_solution_assurance | {"endIncluding":"9.1"} | |
| cisco | prime_central_for_hosted_collaboration_solution_assurance | 1.0 | |
| cisco | prime_central_for_hosted_collaboration_solution_assurance | 1.0.1 | |
| cisco | prime_central_for_hosted_collaboration_solution_assurance | 8.6 | |
| cisco | prime_central_for_hosted_collaboration_solution_assurance | 9.0 | |
References
CWEs
CWE-287
Verify integrity in audit chain (admin only). AS-IS.