Sign-up

ID

VAR-201307-0200


CVE

CVE-2013-3413


TITLE

Cisco Identity Services Engine Run on administration/monitoring Panel cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003215

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036. Vendors have confirmed this vulnerability Bug ID CSCuh87036 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuh87036. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 2.07

sources: NVD: CVE-2013-3413 // JVNDB: JVNDB-2013-003215 // BID: 60945 // VULHUB: VHN-63415 // VULMON: CVE-2013-3413

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:0

Trust: 0.3

sources: BID: 60945 // JVNDB: JVNDB-2013-003215 // CNNVD: CNNVD-201307-065 // NVD: CVE-2013-3413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3413
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3413
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-065
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63415
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-3413
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3413
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-63415
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63415 // VULMON: CVE-2013-3413 // JVNDB: JVNDB-2013-003215 // CNNVD: CNNVD-201307-065 // NVD: CVE-2013-3413

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63415 // JVNDB: JVNDB-2013-003215 // NVD: CVE-2013-3413

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-065

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-065

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003215

PATCH
title:XSS bug in ISE Search formurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003215

EXTERNAL IDS
db:NVDid:CVE-2013-3413
Trust: 2.9
db:JVNDBid:JVNDB-2013-003215
Trust: 0.8
db:CNNVDid:CNNVD-201307-065
Trust: 0.7
db:CISCOid:20130703 XSS BUG IN ISE SEARCH FORM
Trust: 0.6
db:BIDid:60945
Trust: 0.5
db:VULHUBid:VHN-63415
Trust: 0.1
db:VULMONid:CVE-2013-3413
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63415 // 
            
            
            
            VULMON: CVE-2013-3413 // 
            
            
            
            BID: 60945 // 
            
            
            
            JVNDB: JVNDB-2013-003215 // 
            
            
            
            CNNVD: CNNVD-201307-065 // 
            
            
            
            NVD: CVE-2013-3413

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3413
Trust: 2.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3413
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3413
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/60945
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63415 // 
            
            
            
            VULMON: CVE-2013-3413 // 
            
            
            
            BID: 60945 // 
            
            
            
            JVNDB: JVNDB-2013-003215 // 
            
            
            
            CNNVD: CNNVD-201307-065 // 
            
            
            
            NVD: CVE-2013-3413

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 60945

SOURCES
db:VULHUBid:VHN-63415
db:VULMONid:CVE-2013-3413
db:BIDid:60945
db:JVNDBid:JVNDB-2013-003215
db:CNNVDid:CNNVD-201307-065
db:NVDid:CVE-2013-3413

LAST UPDATE DATE
2024-08-14T15:03:41.412000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63415date:2013-07-13T00:00:00
db:VULMONid:CVE-2013-3413date:2013-07-13T00:00:00
db:BIDid:60945date:2013-07-03T00:00:00
db:JVNDBid:JVNDB-2013-003215date:2013-07-08T00:00:00
db:CNNVDid:CNNVD-201307-065date:2013-07-05T00:00:00
db:NVDid:CVE-2013-3413date:2013-07-13T07:16:21.847

SOURCES RELEASE DATE
db:VULHUBid:VHN-63415date:2013-07-04T00:00:00
db:VULMONid:CVE-2013-3413date:2013-07-04T00:00:00
db:BIDid:60945date:2013-07-03T00:00:00
db:JVNDBid:JVNDB-2013-003215date:2013-07-08T00:00:00
db:CNNVDid:CNNVD-201307-065date:2013-07-05T00:00:00
db:NVDid:CVE-2013-3413date:2013-07-04T14:33:41.557