CVE-2013-3431

Cisco Video Surveillance Manager < 7.0.0 - Unauthenticated Information Disclosure via VSMC Monitoring Pages

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3431. PoCs published by Bassem.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Cisco Video Surveillance Operations Manager 6.3.2, including local file inclusion (LFI), authentication bypass, and XSS. The LFI allows unauthenticated remote attackers to read arbitrary files via path traversal in the `read_log.jsp` endpoint.

Description

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

Exploits (1)

exploitdb WORKING POC

by Bassem · textwebappsjsp

https://www.exploit-db.com/exploits/24786

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Cisco Video Surveillance Operations Manager 6.3.2, including local file inclusion (LFI), authentication bypass, and XSS. The LFI allows unauthenticated remote attackers to read arbitrary files via path traversal in the `read_log.jsp` endpoint.

Classification

Working Poc 90%

Attack Type

Info Leak | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: Cisco Video Surveillance Operations Manager 6.3.2

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access T1068 - Exploitation for Privilege Escalation T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/85945

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61431

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1028827

Scores

EPSS 0.0926

EPSS Percentile 94.7%

Details

CWE

CWE-287

Status published

Products (18)

cisco/video_surveillance_manager 1.1.0

cisco/video_surveillance_manager 1.2.1

cisco/video_surveillance_manager 2.0.0

cisco/video_surveillance_manager 2.1

cisco/video_surveillance_manager 2.1.2

cisco/video_surveillance_manager 2.1.3

cisco/video_surveillance_manager 2.1.4

cisco/video_surveillance_manager 2.1.6

cisco/video_surveillance_manager 2.1.7

cisco/video_surveillance_manager 2.3.0

... and 8 more

Published Jul 25, 2013

Tracked Since Feb 18, 2026