CVE-2013-3473

The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
ciscoprime_central_for_hosted_collaboration_solution_assurance
𝑥
≤ 9.1
ciscoprime_central_for_hosted_collaboration_solution_assurance
1.0
ciscoprime_central_for_hosted_collaboration_solution_assurance
1.0.1
ciscoprime_central_for_hosted_collaboration_solution_assurance
8.6
ciscoprime_central_for_hosted_collaboration_solution_assurance
9.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc