Cisco Prime for HCS Assurance Information Leakage Vulnerability

Release date:
Updated on: 2013-06-27

Affected Systems:
Cisco Prime Central for HCS Assurance
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-3398
 
Cisco Prime Central for HCS Assurance is a carrier-level, extended service Assurance management platform.
 
A security vulnerability exists in the Cisco Prime for HCS Assurance Web framework. unauthenticated remote attackers can exploit this vulnerability to access internal file system resources. This vulnerability is caused by the absence of security considerations for responses to specially crafted HTTP requests. Attackers can exploit this vulnerability to send specially crafted HTTP requests to the affected system, and then observe the system response to obtain confidential information about the target system, such as the file system structure and path information, and the name of the file and directory.
 
<* Source: vendor

Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3398
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Cisco
-----
Cisco has released a Security Bulletin (CVE-2013-3398) and patches for this:
Cisco Prime for HCS Assurance Information Disclosure Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3398