| |
Vulnerability CVE-2013-3473
Published: 2013-09-20 Modified: 2013-09-21
| Description: |
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. |
Type:
CWE-287 (Improper Authentication)
CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.8/10 |
6.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
None |
None |
References: |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
