This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch.
According to its self-reported version, the version of Cisco Video
Surveillance Manager installed on the remote host is affected by
multiple vulnerabilities :
- The application is affected by a directory traversal
vulnerability because Cisco VSM does not properly
validate user-supplied input to the
'monitor/logselect.php' and 'read_log.jsp' scripts.
This can allow a remote, unauthorized attacker to gain
access to arbitrary files on the remote host by sending
a specially crafted request. (CVE-2013-3429)
- The application allows access to sensitive data without
requiring authentication. Data such as configuration,
monitoring pages archives, and system logs can be
accessed by attackers without requiring authentication.
See also :
Upgrade to Cisco Video Surveillance Manager 7.0.0 or later.
Risk factor :
High / CVSS Base Score : 9.0
CVSS Temporal Score : 7.4
Public Exploit Available : true
Nessus Plugin ID: 69856 ()
Bugtraq ID: 614306143161432
CVE ID: CVE-2013-3429CVE-2013-3430CVE-2013-3431
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.