ID

VAR-201305-0120


CVE

CVE-2013-1247


TITLE

Cisco Prime Infrastructure Wireless configuration module cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2013-002864 // CNNVD: CNNVD-201305-651

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, aka Bug ID CSCuf04356. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible

Trust: 1.98

sources: NVD: CVE-2013-1247 // JVNDB: JVNDB-2013-002864 // BID: 60263 // VULHUB: VHN-61249

AFFECTED PRODUCTS

vendor:ciscomodel:prime infrastructurescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime infrastructurescope:eqversion:1.2

Trust: 1.1

sources: BID: 60263 // JVNDB: JVNDB-2013-002864 // CNNVD: CNNVD-201305-651 // NVD: CVE-2013-1247

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1247
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1247
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-651
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61249
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1247
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61249
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61249 // JVNDB: JVNDB-2013-002864 // CNNVD: CNNVD-201305-651 // NVD: CVE-2013-1247

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-61249 // JVNDB: JVNDB-2013-002864 // NVD: CVE-2013-1247

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-651

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201305-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002864

PATCH

title:Cisco Prime Infrastructure Cross-Site Scripting Vulnerability From Rogue AP SSIDsurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1247

Trust: 0.8

title:29509url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29509

Trust: 0.8

sources: JVNDB: JVNDB-2013-002864

EXTERNAL IDS

db:NVDid:CVE-2013-1247

Trust: 2.8

db:JVNDBid:JVNDB-2013-002864

Trust: 0.8

db:CNNVDid:CNNVD-201305-651

Trust: 0.7

db:CISCOid:20130521 CISCO PRIME INFRASTRUCTURE CROSS-SITE SCRIPTING VULNERABILITY FROM ROGUE AP SSIDS

Trust: 0.6

db:BIDid:60263

Trust: 0.4

db:VULHUBid:VHN-61249

Trust: 0.1

sources: VULHUB: VHN-61249 // BID: 60263 // JVNDB: JVNDB-2013-002864 // CNNVD: CNNVD-201305-651 // NVD: CVE-2013-1247

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1247

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1247

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1247

Trust: 0.8

url:http://www.cisco.com/en/us/products/ps12239/index.html

Trust: 0.3

url:tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1247

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=29509

Trust: 0.3

sources: VULHUB: VHN-61249 // BID: 60263 // JVNDB: JVNDB-2013-002864 // CNNVD: CNNVD-201305-651 // NVD: CVE-2013-1247

CREDITS

Cisco

Trust: 0.3

sources: BID: 60263

SOURCES

db:VULHUBid:VHN-61249
db:BIDid:60263
db:JVNDBid:JVNDB-2013-002864
db:CNNVDid:CNNVD-201305-651
db:NVDid:CVE-2013-1247

LAST UPDATE DATE

2024-08-14T13:35:52.560000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-61249date:2013-06-03T00:00:00
db:BIDid:60263date:2013-05-21T00:00:00
db:JVNDBid:JVNDB-2013-002864date:2013-06-04T00:00:00
db:CNNVDid:CNNVD-201305-651date:2013-06-03T00:00:00
db:NVDid:CVE-2013-1247date:2013-06-03T04:00:00

SOURCES RELEASE DATE

db:VULHUBid:VHN-61249date:2013-05-31T00:00:00
db:BIDid:60263date:2013-05-21T00:00:00
db:JVNDBid:JVNDB-2013-002864date:2013-06-04T00:00:00
db:CNNVDid:CNNVD-201305-651date:2013-05-31T00:00:00
db:NVDid:CVE-2013-1247date:2013-05-31T21:55:01.127