CVE-2013-3406

CVE-2013-3406 is a medium-severity vulnerability in Cisco Service Portal with a CVSS 2.0 base score of 6.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.

Key facts

Description

The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687.

Frequently asked questions

What is CVE-2013-3406?
The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687.
How severe is CVE-2013-3406?
CVE-2013-3406 has a CVSS 2.0 base score of 6.8, rated medium severity.
Is CVE-2013-3406 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (62nd percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2013-3406?
CVE-2013-3406 affects Cisco Service Portal. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2013-3406?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2013-3406 published?
CVE-2013-3406 was published on 2013-11-18 and last updated on 2026-06-16.

References

Affected products (1)

Other CWE-20 (Improper Input Validation) vulnerabilities

Browse all CWE-20 (Improper Input Validation) vulnerabilities →