ID

VAR-201209-0393


CVE

CVE-2012-3908


TITLE

Cisco ISE 3300 Series ISE Administrator user interface cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004408

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. The problem is tracked as Bug ID CSCty46684; a third party can hijack administrator authentication. Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCty46684. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability to hijack an administrator's authentication.

----------------------------------------------------------------------
TITLE:
Cisco Identity Services Engine Cross-Site Request Forgery

SECUNIA ADVISORY ID:
SA50680

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50680/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50680

RELEASE DATE:
2012-09-19

DISCUSS ADVISORY:
http://secunia.com/advisories/50680/#comments

DESCRIPTION:
A vulnerability has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The device allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions against the Administrator user interface when a logged-in user visits a specially crafted web page.

SOLUTION:
Update to version 1.1.0.665 Cumulative Patch 1 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
CSCty46684:
http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html
----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2012-3908 // JVNDB: JVNDB-2012-004408 // BID: 55602 // VULHUB: VHN-57189 // PACKETSTORM: 116685

AFFECTED PRODUCTS

vendor: cisco; model: identity services engine; scope: eq; version: 3300

Trust: 1.8

vendor: cisco; model: identity services engine software; scope: eq; version: 1.1

Trust: 1.6

vendor: cisco; model: identity services engine software; scope: eq; version: 1.0.4

Trust: 1.6

vendor: cisco; model: identity services engine software; scope: eq; version: 1.1.1

Trust: 1.6

vendor: cisco; model: identity services engine software; scope: eq; version: 1.0mr

Trust: 1.6

vendor: cisco; model: identity services engine software; scope: eq; version: 1.0

Trust: 1.6

vendor: cisco; model: identity services engine software; scope: lt; version: 1.1.0.665 cumulative patch 1

Trust: 0.8

sources: JVNDB: JVNDB-2012-004408 // CNNVD: CNNVD-201209-359 // NVD: CVE-2012-3908

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3908
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3908
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-359
value: MEDIUM

Trust: 0.6

VULHUB: VHN-57189
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3908
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57189
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57189 // JVNDB: JVNDB-2012-004408 // CNNVD: CNNVD-201209-359 // NVD: CVE-2012-3908

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.9

sources: VULHUB: VHN-57189 // JVNDB: JVNDB-2012-004408 // NVD: CVE-2012-3908

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-359

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201209-359

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004408

PATCH

title: Release Notes for Cisco Identity Services Engine, Release 1.1; url: http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-004408

EXTERNAL IDS

db: NVD; id: CVE-2012-3908

Trust: 2.8

db: BID; id: 55602

Trust: 1.4

db: SECUNIA; id: 50680

Trust: 1.2

db: JVNDB; id: JVNDB-2012-004408

Trust: 0.8

db: CNNVD; id: CNNVD-201209-359

Trust: 0.7

db: NSFOCUS; id: 20816

Trust: 0.6

db: VULHUB; id: VHN-57189

Trust: 0.1

db: PACKETSTORM; id: 116685

Trust: 0.1

sources: VULHUB: VHN-57189 // BID: 55602 // JVNDB: JVNDB-2012-004408 // PACKETSTORM: 116685 // CNNVD: CNNVD-201209-359 // NVD: CVE-2012-3908

REFERENCES

url:http://www.cisco.com/en/us/docs/security/ise/1.1/release_notes/ise1.1_rn.html

Trust: 2.1

url:http://en.securitylab.ru/lab/

Trust: 1.7

url:http://www.securityfocus.com/bid/55602

Trust: 1.1

url:http://secunia.com/advisories/50680

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3908

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3908

Trust: 0.8

url:http://www.nsfocus.net/vulndb/20816

Trust: 0.6

url:http://www.cisco.com/en/us/products/ps6837/

Trust: 0.3

url:http://secunia.com/advisories/50680/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/50680/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50680

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-57189 // BID: 55602 // JVNDB: JVNDB-2012-004408 // PACKETSTORM: 116685 // CNNVD: CNNVD-201209-359 // NVD: CVE-2012-3908

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 55602

SOURCES

db: VULHUB; id: VHN-57189
db: BID; id: 55602
db: JVNDB; id: JVNDB-2012-004408
db: PACKETSTORM; id: 116685
db: CNNVD; id: CNNVD-201209-359
db: NVD; id: CVE-2012-3908

LAST UPDATE DATE

2024-11-23T21:46:01.956000+00:00


SOURCES UPDATE DATE

db: VULHUB; id: VHN-57189; date: 2013-03-26T00:00:00
db: BID; id: 55602; date: 2012-09-19T00:00:00
db: JVNDB; id: JVNDB-2012-004408; date: 2012-09-18T00:00:00
db: CNNVD; id: CNNVD-201209-359; date: 2012-09-19T00:00:00
db: NVD; id: CVE-2012-3908; date: 2024-11-21T01:41:48.777

SOURCES RELEASE DATE

db: VULHUB; id: VHN-57189; date: 2012-09-16T00:00:00
db: BID; id: 55602; date: 2012-09-19T00:00:00
db: JVNDB; id: JVNDB-2012-004408; date: 2012-09-18T00:00:00
db: PACKETSTORM; id: 116685; date: 2012-09-19T05:57:44
db: CNNVD; id: CNNVD-201209-359; date: 2012-09-19T00:00:00
db: NVD; id: CVE-2012-3908; date: 2012-09-16T10:34:51.207