CVE-2013-3406
Description
Cisco Services Portal 9.4(1) allows authenticated users to read arbitrary files via a crafted request to the Files Available for Download feature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco Services Portal 9.4(1) allows authenticated users to read arbitrary files via a crafted request to the Files Available for Download feature.
Vulnerability
The 'Files Available for Download' functionality in the Cisco Intelligent Automation for Cloud component within Cisco Services Portal version 9.4(1) contains a path traversal vulnerability. Remote authenticated users can read arbitrary files by sending a specially crafted request to the affected endpoint. This issue is tracked as Cisco bug ID CSCug65687 [1].
Exploitation
An attacker with valid authentication credentials to the Cisco Services Portal can craft a malicious request targeting the file download feature. No additional privileges beyond authentication are required. The attacker can then retrieve arbitrary files from the server.
Impact
Successful exploitation allows the attacker to read any file on the underlying operating system that the web server process has access to, leading to unauthorized information disclosure of sensitive data.
Mitigation
Cisco has not released a software update to address this vulnerability. Users should limit access to the Cisco Services Portal to trusted users and monitor for suspicious activity. For further details, refer to the Cisco Security Notice [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:cisco:service_portal:9.4.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:service_portal:9.4.1:*:*:*:*:*:*:*
- (no CPE)range: = 9.4(1)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3406nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
News mentions
0No linked articles in our index yet.