CVE-2013-3564
Description
The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the dir command or issue other commands without authenticating.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.233
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in VLC Media Player (X64) 2.0.6 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player 2.0.6 | Windows |
| Multiple Vulnerabilities are affected in VLC Media Player (MSI) (x64) 2.0.6 | Windows |
| Multiple Vulnerabilities are affected in VLC media player (MSI) 2.0.6 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-327882 | VLC Media Player (X64) (3.0.18) |
| PATCH-327878 | VLC Media Player (3.0.18) |
| PATCH-334048 | VLC media player (MSI) (x64) (3.0.20.0) |
| PATCH-334050 | VLC media player (MSI) (3.0.20.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234