CVE-2013-3431
CVE-2013-3431 is a high-severity vulnerability in Cisco Video Surveillance Manager with a CVSS 2.0 base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-287.
Key facts
- Severity: High (CVSS 2.0 base score 7.8)
- EPSS exploit prediction: 9% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-287
- Affected product: Cisco Video Surveillance Manager
- Published:
- Last modified:
Description
Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
Frequently asked questions
- What is CVE-2013-3431?
- Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.
- How severe is CVE-2013-3431?
- CVE-2013-3431 has a CVSS 2.0 base score of 7.8, rated high severity.
- Is CVE-2013-3431 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 9% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-3431?
- CVE-2013-3431 primarily affects Cisco Video Surveillance Manager. In total, 21 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-3431?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2013-3431 published?
- CVE-2013-3431 was published on 2013-07-25 and last updated on 2026-06-16.
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm
- http://www.securityfocus.com/bid/61431
- http://www.securitytracker.com/id/1028827
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
Affected products (21)
- cpe:2.3:a:cisco:video_surveillance_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr1:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr2:*:*:*:*:*:*
- cpe:2.3:a:cisco:video_surveillance_manager:6.3.2:mr3:*:*:*:*:*:*
More vulnerabilities in Cisco Video Surveillance Manager
- CVE-2021-44228 — Critical (CVSS 10.0): Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in…
- CVE-2018-15427 — Critical (CVSS 9.8): A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and…
- CVE-2013-3430 — Critical (CVSS 9.0): Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote attackers to obtain sensitive configuration, archive,…
- CVE-2013-3429 — High (CVSS 7.8): Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote…
- CVE-2019-1717 — High (CVSS 7.5): A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an…
All CVEs affecting Cisco Video Surveillance Manager →
Other CWE-287 (Improper Authentication) vulnerabilities
- CVE-2026-45480 — Critical (CVSS 10.0): Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2026-46389 — Critical (CVSS 10.0): UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS…
- CVE-2026-10611 — Critical (CVSS 10.0): An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement.…
- CVE-2026-47280 — Critical (CVSS 10.0): Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a…
- CVE-2026-42822 — Critical (CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges…
- CVE-2026-20182 — Critical (CVSS 10.0): May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and…
Browse all CWE-287 (Improper Authentication) vulnerabilities →