Cisco 9900 Series Phone Arbitrary File Download (CVE-2013-3426)

medium Tenable OT Security Plugin ID 502104


The remote OT asset is affected by a vulnerability.


The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.

This plugin only works with Tenable.ot.


Refer to the vendor advisory.

Plugin Details

Severity: Medium

ID: 502104

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 3/18/2024

Updated: 3/18/2024

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Low

Score: 3.4


CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-3426

Vulnerability Information

CPE: cpe:/o:cisco:unified_ip_phones_9900_series_firmware:-

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2013

Vulnerability Publication Date: 7/18/2013

Reference Information

CVE: CVE-2013-3426

CWE: 264