CVE-2013-3398: Infoleak
First published: Wed Jun 26 2013(Updated: )
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, which allows remote attackers to enumerate directories and files via a series of crafted requests, aka Bug ID CSCuh64574.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Central for Hosted Collaboration Solution |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-3398?
CVE-2013-3398 is classified as a medium severity vulnerability.
How do I fix CVE-2013-3398?
To fix CVE-2013-3398, ensure you apply the latest security patches provided by Cisco for the affected software.
What types of attacks can CVE-2013-3398 enable?
CVE-2013-3398 enables remote attackers to enumerate directories and files on the server.
Which versions of Cisco Prime Central for Hosted Collaboration Solution are affected by CVE-2013-3398?
CVE-2013-3398 affects all versions of Cisco Prime Central for Hosted Collaboration Solution prior to the security fixes.
What can I do to mitigate risks associated with CVE-2013-3398?
To mitigate risks, restrict access to the affected system and monitor for unauthorized access attempts.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- vendor/cisco
- canonical/cisco prime central for hosted collaboration solution