Unauthenticated Access to Sensitive Information in Cisco Server Provisioner

Unauthenticated Access to Sensitive Information in Cisco Server Provisioner

CVE-2013-3407 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664.

Learn more about our Cis Benchmark Audit For Cisco.