CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
68.4%
According to its self-reported version, the Cisco Finesse appliance is affected by an information disclosure vulnerability in HTTP queries due to insufficient encryption. An unauthenticated, remote attacker can exploit this, via capturing the HTTP query, to disclose potentially sensitive information.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(130060);
script_version("1.3");
script_cvs_date("Date: 2019/10/31 15:18:51");
script_cve_id("CVE-2013-3455");
script_xref(name:"CISCO-BUG-ID", value:"CSCug16732");
script_xref(name:"CISCO-SA", value:"Cisco-SA-20130812-CVE-2013-3455");
script_name(english:"Cisco Finesse Appliance User Data Information Disclosure Vulnerability (Cisco-SA-20130812-CVE-2013-3455)");
script_summary(english:"Checks the Cisco Finesse appliance version.");
script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the Cisco Finesse appliance is affected by an information disclosure
vulnerability in HTTP queries due to insufficient encryption. An unauthenticated, remote attacker can exploit this, via
capturing the HTTP query, to disclose potentially sensitive information.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20130812-CVE-2013-3455
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?73d2a99d");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCug16732");
script_set_attribute(attribute:"solution", value:
"Apply the patch or upgrade to the version recommended in Cisco bug ID CSCug16732");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-3455");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(200);
script_set_attribute(attribute:"vuln_publication_date", value:"2013/08/12");
script_set_attribute(attribute:"patch_publication_date", value:"2013/08/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/21");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:finesse");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_voss_finesse_installed.nbin");
script_require_keys("installed_sw/Cisco VOSS Finesse", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
app_info = vcf::cisco_finesse::get_app_info(app:'Cisco VOSS Finesse');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
constraints = [
{ 'min_version':'0', 'fixed_version':'10.0.1', 'fixed_display' : 'Refer to Cisco Bug ID: CSCug16732' }
];
vcf::cisco_finesse::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);