Path Enumeration Vulnerability in Cisco Prime Central for Hosted Collaboration Solution

CVE-2013-3398

Summary

A vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance allows remote attackers to exploit differences in responses to requests for arbitrary pathnames based on the existence of the pathname. This behavior leads to the risk of directory and file enumeration, which can reveal sensitive information about the server's file structure and contents. Attackers can craft various requests to exploit this weakness, potentially compromising the security of hosted services.

References