CVE-2013-3405

{"id": "CVE-2013-3405", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-07-10T20:55:02.107", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3405", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071."}, {"lang": "es", "value": "El portal web en TC software en Cisco TelePresence no requiere una coincidencia exacta con el password durante un intento de login por un usuario que no ha configurado un password, lo que permite a atacantes remotos eludir la autenticaci\u00f3n mediante el env\u00edo de passwords arbitrarios. Tambi\u00e9n conocido como Bug ID CSCud96071."}], "lastModified": "2013-10-11T14:46:45.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_tc_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3F94F1D-C140-435D-850D-BA5288408C1A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}