ID

VAR-201306-0172


CVE

CVE-2013-3396


TITLE

Cisco content Runs on a Security Management appliance device Cisco Content Security Management Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003145

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Content Security Management on Security Management Appliance (SMA) devices allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh24749. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh24749 and CSCuh84596. This appliance is mainly used to manage all policies, reports, audit information, etc. =============================== - Advisory - =============================== Tittle: Cisco IronPort Security Management Appliance - Multiple issues Risk: Medium Date: 20.May.2013 Author: Pedro Andujar Twitter: @pandujar .: [ INTRO ] :. Is a central platform for managing all policy, reporting, and auditing information for Cisco web and email security appliances. .: [ TECHNICAL DESCRIPTION ] :. Name: Reflected Cross Site Scripting Severity: Low CVE: CVE-2013-3396 There is a lack of output escaping in the default error 500 page. When a exception occurs in the application, the error description contains user unvalidated input from the request: ** PoC removed as requested by Cisco. ** .: [ ISSUE #2 }:. Name: Stored Cross Site Scripting Severity: Medium Due to a lack of input validation on job_name, job_type, appliances_options and config_master parameters which are then printed unscapped on job_name, old_job_name, job_type, appliance_lists and config_master fields. ** PoC removed as requested by Cisco. ** .: [ ISSUE #3 }:. Name: CSRF Token is not used Severity: Low CVE: CVE-2013-3395 CSRFKey is not used in some areas of the application, which make even easier to exploit Reflected XSS Issues. In the /report area of the application, we got no error even when completely removing the parameter CSRFKey; ** PoC removed as requested by Cisco. ** See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844 .: [ ISSUE #4 }:. Name: Lack of password obfuscation Severity: Low When exporting the configuration file even if you mark the "mask password" option, the SNMPv3 password still appears in cleartext. .: [ CHANGELOG ] :. * 20/May/2013: - Vulnerability found. * 27/May/2013: - Vendor contacted. * 11/Jul/2013: - Public Disclosure .: [ SOLUTIONS ] :. Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process. Stored XSS CSCuh24755 Reflected XSS http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396 SNMP password issue CSCuh27268, CSCuh70314 CSRF http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395 .: [ REFERENCES ] :

Trust: 2.07

sources: NVD: CVE-2013-3396 // JVNDB: JVNDB-2013-003145 // BID: 60829 // VULHUB: VHN-63398 // PACKETSTORM: 122955

AFFECTED PRODUCTS

vendor:ciscomodel:content security management appliancescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:content security management appliancescope:lteversion:8.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2013-003145 // CNNVD: CNNVD-201306-489 // NVD: CVE-2013-3396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3396
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3396
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201306-489
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63398
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3396
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63398
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63398 // JVNDB: JVNDB-2013-003145 // CNNVD: CNNVD-201306-489 // NVD: CVE-2013-3396

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63398 // JVNDB: JVNDB-2013-003145 // NVD: CVE-2013-3396

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201306-489

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201306-489

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003145

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63398

PATCH

title:Cisco Content Security Management Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396

Trust: 0.8

title:29807url:http://tools.cisco.com/security/center/viewAlert.x?alertId=29807

Trust: 0.8

sources: JVNDB: JVNDB-2013-003145

EXTERNAL IDS

db:NVDid:CVE-2013-3396

Trust: 2.9

db:BIDid:60829

Trust: 1.4

db:JVNDBid:JVNDB-2013-003145

Trust: 0.8

db:CNNVDid:CNNVD-201306-489

Trust: 0.7

db:CISCOid:20130626 CISCO CONTENT SECURITY MANAGEMENT CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db:PACKETSTORMid:122955

Trust: 0.2

db:VULHUBid:VHN-63398

Trust: 0.1

sources: VULHUB: VHN-63398 // BID: 60829 // JVNDB: JVNDB-2013-003145 // PACKETSTORM: 122955 // CNNVD: CNNVD-201306-489 // NVD: CVE-2013-3396

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3396

Trust: 1.8

url:http://www.securityfocus.com/bid/60829

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3396

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3396

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/publicationlisting.x

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=29844

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3396

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3395

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-3395

Trust: 0.1

url:http://www.cisco.com/en/us/products/ps12503/index.html

Trust: 0.1

url:http://www.digitalsec.net/

Trust: 0.1

sources: VULHUB: VHN-63398 // BID: 60829 // JVNDB: JVNDB-2013-003145 // PACKETSTORM: 122955 // CNNVD: CNNVD-201306-489 // NVD: CVE-2013-3396

CREDITS

Cisco

Trust: 0.3

sources: BID: 60829

SOURCES

db:VULHUBid:VHN-63398
db:BIDid:60829
db:JVNDBid:JVNDB-2013-003145
db:PACKETSTORMid:122955
db:CNNVDid:CNNVD-201306-489
db:NVDid:CVE-2013-3396

LAST UPDATE DATE

2024-08-14T14:21:17.753000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-63398date:2015-10-16T00:00:00
db:BIDid:60829date:2014-02-18T06:46:00
db:JVNDBid:JVNDB-2013-003145date:2013-06-28T00:00:00
db:CNNVDid:CNNVD-201306-489date:2013-07-01T00:00:00
db:NVDid:CVE-2013-3396date:2015-10-16T15:06:38.037

SOURCES RELEASE DATE

db:VULHUBid:VHN-63398date:2013-06-26T00:00:00
db:BIDid:60829date:2013-06-26T00:00:00
db:JVNDBid:JVNDB-2013-003145date:2013-06-28T00:00:00
db:PACKETSTORMid:122955date:2013-08-26T20:58:21
db:CNNVDid:CNNVD-201306-489date:2013-06-26T00:00:00
db:NVDid:CVE-2013-3396date:2013-06-26T21:55:01.873