Sign-up

ID

VAR-201303-0398


CVE

CVE-2013-1153


TITLE

Cisco Prime Infrastructure of Web Interface cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-001783

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web interface in Cisco Prime Infrastructure allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCue84676. The problem is Bug ID CSCue84676 It is a problem.A third party may be able to hijack arbitrary user authentication. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCue84676

Trust: 1.98

sources: NVD: CVE-2013-1153 // JVNDB: JVNDB-2013-001783 // BID: 58375 // VULHUB: VHN-61155

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope: - version: -

Trust: 0.8

vendor:ciscomodel:prime infrastructurescope:eqversion:1.3

Trust: 0.3

sources: BID: 58375 // JVNDB: JVNDB-2013-001783 // CNNVD: CNNVD-201303-136 // NVD: CVE-2013-1153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1153
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1153
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201303-136
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61155
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1153
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61155
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61155 // JVNDB: JVNDB-2013-001783 // CNNVD: CNNVD-201303-136 // NVD: CVE-2013-1153

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-61155 // JVNDB: JVNDB-2013-001783 // NVD: CVE-2013-1153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201303-136

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201303-136

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001783

PATCH
title:Cisco Prime Infrastructure CSRF Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1153
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-001783

EXTERNAL IDS
db:NVDid:CVE-2013-1153
Trust: 2.8
db:JVNDBid:JVNDB-2013-001783
Trust: 0.8
db:CNNVDid:CNNVD-201303-136
Trust: 0.7
db:SECUNIAid:52495
Trust: 0.6
db:CISCOid:20130305 CISCO PRIME INFRASTRUCTURE CSRF VULNERABILITY
Trust: 0.6
db:BIDid:58375
Trust: 0.4
db:VULHUBid:VHN-61155
Trust: 0.1
sources:
            
            
            VULHUB: VHN-61155 // 
            
            
            
            BID: 58375 // 
            
            
            
            JVNDB: JVNDB-2013-001783 // 
            
            
            
            CNNVD: CNNVD-201303-136 // 
            
            
            
            NVD: CVE-2013-1153

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1153
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1153
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1153
Trust: 0.8
url:http://secunia.com/advisories/52495
Trust: 0.6
url:http://tools.cisco.com/security/center/viewalert.x?alertid=28502
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps12239/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-61155 // 
            
            
            
            BID: 58375 // 
            
            
            
            JVNDB: JVNDB-2013-001783 // 
            
            
            
            CNNVD: CNNVD-201303-136 // 
            
            
            
            NVD: CVE-2013-1153

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 58375

SOURCES
db:VULHUBid:VHN-61155
db:BIDid:58375
db:JVNDBid:JVNDB-2013-001783
db:CNNVDid:CNNVD-201303-136
db:NVDid:CVE-2013-1153

LAST UPDATE DATE
2024-11-23T22:49:35.225000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-61155date:2013-03-08T00:00:00
db:BIDid:58375date:2013-03-06T00:00:00
db:JVNDBid:JVNDB-2013-001783date:2013-03-11T00:00:00
db:CNNVDid:CNNVD-201303-136date:2013-03-08T00:00:00
db:NVDid:CVE-2013-1153date:2024-11-21T01:49:00.357

SOURCES RELEASE DATE
db:VULHUBid:VHN-61155date:2013-03-07T00:00:00
db:BIDid:58375date:2013-03-06T00:00:00
db:JVNDBid:JVNDB-2013-001783date:2013-03-11T00:00:00
db:CNNVDid:CNNVD-201303-136date:2013-03-08T00:00:00
db:NVDid:CVE-2013-1153date:2013-03-07T20:55:02.253