CVE-2013-3431

Cisco Video Surveillance Manager < 7.0.0 - Unauthenticated Information Disclosure via VSMC Monitoring Pages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3431. PoCs published by Bassem.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Cisco Video Surveillance Operations Manager 6.3.2, including local file inclusion (LFI), authentication bypass, and XSS. The LFI allows unauthenticated remote attackers to read arbitrary files via path traversal in the `read_log.jsp` endpoint.

Description

Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169.

Exploits (1)

exploitdb WORKING POC
by Bassem · textwebappsjsp
https://www.exploit-db.com/exploits/24786

The exploit demonstrates multiple vulnerabilities in Cisco Video Surveillance Operations Manager 6.3.2, including local file inclusion (LFI), authentication bypass, and XSS. The LFI allows unauthenticated remote attackers to read arbitrary files via path traversal in the `read_log.jsp` endpoint.

Classification
Working Poc 90%
Attack Type
Info Leak | Auth Bypass | Xss
Complexity
Trivial
Reliability
Reliable
Target: Cisco Video Surveillance Operations Manager 6.3.2
No auth needed
Prerequisites: Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/85945
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61431
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028827

Scores

EPSS 0.0926
EPSS Percentile 94.7%

Details

CWE
CWE-287
Status published
Products (18)
cisco/video_surveillance_manager 1.1.0
cisco/video_surveillance_manager 1.2.1
cisco/video_surveillance_manager 2.0.0
cisco/video_surveillance_manager 2.1
cisco/video_surveillance_manager 2.1.2
cisco/video_surveillance_manager 2.1.3
cisco/video_surveillance_manager 2.1.4
cisco/video_surveillance_manager 2.1.6
cisco/video_surveillance_manager 2.1.7
cisco/video_surveillance_manager 2.3.0
... and 8 more
Published Jul 25, 2013
Tracked Since Feb 18, 2026