Details of VAR-201307-0195

ID

VAR-201307-0195

CVE

CVE-2013-3395

TITLE

plural Cisco Security Appliance Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-003179

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634. Vendors have confirmed this vulnerability Bug IDs CSCuh70263 , CSCuh70323 ,and CSCuh26634 It is released as.A third party may be able to hijack arbitrary user authentication. Multiple Cisco Devices are prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected device. This issue is being tracked by Cisco bug IDs CSCuh70323, CSCuh26634, and CSCuh70263. Content SMA is a set of content security management equipment. A remote attacker could exploit this vulnerability to hijack the authentication of any user. =============================== - Advisory - =============================== Tittle: Cisco IronPort Security Management Appliance - Multiple issues Risk: Medium Date: 20.May.2013 Author: Pedro Andujar Twitter: @pandujar .: [ INTRO ] :. The Cisco Security Management Appliance helps to enable flexible management and comprehensive security control at the network gateway. .: [ TECHNICAL DESCRIPTION ] :. Cisco IronPort Security Management Appliance M170 v7.9.1-030 (and probably other products), are prone to several security issues as described below; .: [ ISSUE #1 }:. Name: Reflected Cross Site Scripting Severity: Low CVE: CVE-2013-3396 There is a lack of output escaping in the default error 500 page. When a exception occurs in the application, the error description contains user unvalidated input from the request: ** PoC removed as requested by Cisco. ** .: [ ISSUE #2 }:. Name: Stored Cross Site Scripting Severity: Medium Due to a lack of input validation on job_name, job_type, appliances_options and config_master parameters which are then printed unscapped on job_name, old_job_name, job_type, appliance_lists and config_master fields. ** PoC removed as requested by Cisco. ** .: [ ISSUE #3 }:. Name: CSRF Token is not used Severity: Low CVE: CVE-2013-3395 CSRFKey is not used in some areas of the application, which make even easier to exploit Reflected XSS Issues. In the /report area of the application, we got no error even when completely removing the parameter CSRFKey; ** PoC removed as requested by Cisco. ** See: http://tools.cisco.com/security/center/viewAlert.x?alertId=29844 .: [ ISSUE #4 }:. Name: Lack of password obfuscation Severity: Low When exporting the configuration file even if you mark the "mask password" option, the SNMPv3 password still appears in cleartext. .: [ CHANGELOG ] :. * 20/May/2013: - Vulnerability found. * 27/May/2013: - Vendor contacted. * 11/Jul/2013: - Public Disclosure .: [ SOLUTIONS ] :. Thanks to Stefano De Crescenzo (Cisco PSIRT Team), because of his professional way of managing the entire process. Stored XSS CSCuh24755 Reflected XSS http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3396 SNMP password issue CSCuh27268, CSCuh70314 CSRF http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395 .: [ REFERENCES ] :

Trust: 2.16

sources: NVD: CVE-2013-3395 // JVNDB: JVNDB-2013-003179 // BID: 60919 // VULHUB: VHN-63397 // VULMON: CVE-2013-3395 // PACKETSTORM: 122955

AFFECTED PRODUCTS

vendor:	cisco	model:	email security appliance	scope:	eq	version:	-	Trust: 2.2
vendor:	cisco	model:	web security appliance	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	e email security the appliance	scope:	eq	version:	7.8 and before that	Trust: 0.8
vendor:	cisco	model:	web security the appliance	scope:	eq	version:	7.7 and before that	Trust: 0.8
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	8.1 and before that	Trust: 0.8
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	web security appliance	scope:	eq	version:	7.7	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.6.2	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.6.1	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.6	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.5.2	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.5.1	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.5	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.3.2	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.3.1	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.3	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1.5	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	email security appliance	scope:	eq	version:	7.8	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.9.1	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.9	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.7.1	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.7	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.2.2	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.2.1	Trust: 0.3
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	7.2	Trust: 0.3

sources: BID: 60919 // JVNDB: JVNDB-2013-003179 // CNNVD: CNNVD-201307-042 // NVD: CVE-2013-3395

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3395
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3395
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-042
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63397
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-3395
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3395
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-63397
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63397 // VULMON: CVE-2013-3395 // JVNDB: JVNDB-2013-003179 // CNNVD: CNNVD-201307-042 // NVD: CVE-2013-3395

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-63397 // JVNDB: JVNDB-2013-003179 // NVD: CVE-2013-3395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-042

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003179

PATCH

title:	Cisco IronPort Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395	Trust: 0.8
title:	29844	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=29844	Trust: 0.8

sources: JVNDB: JVNDB-2013-003179

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3395	Trust: 3.0
db:	JVNDB	id:	JVNDB-2013-003179	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-042	Trust: 0.7
db:	CISCO	id:	20130626 CISCO IRONPORT CROSS-SITE REQUEST FORGERY VULNERABILITY	Trust: 0.6
db:	BID	id:	60919	Trust: 0.5
db:	PACKETSTORM	id:	122955	Trust: 0.2
db:	VULHUB	id:	VHN-63397	Trust: 0.1
db:	VULMON	id:	CVE-2013-3395	Trust: 0.1

sources: VULHUB: VHN-63397 // VULMON: CVE-2013-3395 // BID: 60919 // JVNDB: JVNDB-2013-003179 // PACKETSTORM: 122955 // CNNVD: CNNVD-201307-042 // NVD: CVE-2013-3395

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3395	Trust: 2.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3395	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3395	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=29844	Trust: 0.4
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/60919	Trust: 0.1
url:	https://packetstormsecurity.com/files/122955/cisco-ironport-cross-site-request-forgery-cross-site-scripting.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/publicationlisting.x	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3396	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3396	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3395	Trust: 0.1
url:	http://www.cisco.com/en/us/products/ps12503/index.html	Trust: 0.1
url:	http://www.digitalsec.net/	Trust: 0.1

sources: VULHUB: VHN-63397 // VULMON: CVE-2013-3395 // BID: 60919 // JVNDB: JVNDB-2013-003179 // PACKETSTORM: 122955 // CNNVD: CNNVD-201307-042 // NVD: CVE-2013-3395

CREDITS

Cisco

Trust: 0.3

sources: BID: 60919

SOURCES

db:	VULHUB	id:	VHN-63397
db:	VULMON	id:	CVE-2013-3395
db:	BID	id:	60919
db:	JVNDB	id:	JVNDB-2013-003179
db:	PACKETSTORM	id:	122955
db:	CNNVD	id:	CNNVD-201307-042
db:	NVD	id:	CVE-2013-3395

LAST UPDATE DATE

2024-08-14T14:21:17.714000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63397	date:	2018-10-30T00:00:00
db:	VULMON	id:	CVE-2013-3395	date:	2018-10-30T00:00:00
db:	BID	id:	60919	date:	2013-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2013-003179	date:	2013-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201307-042	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-3395	date:	2018-10-30T16:27:22.513

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63397	date:	2013-07-02T00:00:00
db:	VULMON	id:	CVE-2013-3395	date:	2013-07-02T00:00:00
db:	BID	id:	60919	date:	2013-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2013-003179	date:	2013-07-03T00:00:00
db:	PACKETSTORM	id:	122955	date:	2013-08-26T20:58:21
db:	CNNVD	id:	CNNVD-201307-042	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-3395	date:	2013-07-02T03:43:34.647