Details of VAR-201307-0205

ID

VAR-201307-0205

CVE

CVE-2013-3420

TITLE

Cisco Identity Services Engine of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-003452

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506. Vendors have confirmed this vulnerability Bug ID CSCuh25506 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCuh25506. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2013-3420 // JVNDB: JVNDB-2013-003452 // BID: 61288 // VULHUB: VHN-63422

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lte	version:	1.0 mr	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0.4.573	Trust: 0.3
vendor:	cisco	model:	identity services engine software mr	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 61288 // JVNDB: JVNDB-2013-003452 // CNNVD: CNNVD-201307-390 // NVD: CVE-2013-3420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3420
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3420
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-390
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63422
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3420
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63422
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63422 // JVNDB: JVNDB-2013-003452 // CNNVD: CNNVD-201307-390 // NVD: CVE-2013-3420

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-63422 // JVNDB: JVNDB-2013-003452 // NVD: CVE-2013-3420

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-390

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-390

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003452

PATCH

title:	Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420	Trust: 0.8
title:	30111	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30111	Trust: 0.8

sources: JVNDB: JVNDB-2013-003452

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3420	Trust: 2.8
db:	BID	id:	61288	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-003452	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-390	Trust: 0.7
db:	CISCO	id:	20130717 CISCO IDENTITY SERVICES ENGINE CROSS-SITE REQUEST FORGERY VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-63422	Trust: 0.1

sources: VULHUB: VHN-63422 // BID: 61288 // JVNDB: JVNDB-2013-003452 // CNNVD: CNNVD-201307-390 // NVD: CVE-2013-3420

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3420	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3420	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3420	Trust: 0.8
url:	http://www.securityfocus.com/bid/61288	Trust: 0.6
url:	http://www.cisco.com	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30111	Trust: 0.3
url:	tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3420	Trust: 0.3

sources: VULHUB: VHN-63422 // BID: 61288 // JVNDB: JVNDB-2013-003452 // CNNVD: CNNVD-201307-390 // NVD: CVE-2013-3420

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 61288

SOURCES

db:	VULHUB	id:	VHN-63422
db:	BID	id:	61288
db:	JVNDB	id:	JVNDB-2013-003452
db:	CNNVD	id:	CNNVD-201307-390
db:	NVD	id:	CVE-2013-3420

LAST UPDATE DATE

2024-08-14T14:46:53.171000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63422	date:	2013-07-18T00:00:00
db:	BID	id:	61288	date:	2013-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-003452	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-390	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-3420	date:	2013-07-18T12:51:14.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63422	date:	2013-07-18T00:00:00
db:	BID	id:	61288	date:	2013-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2013-003452	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-390	date:	2013-07-19T00:00:00
db:	NVD	id:	CVE-2013-3420	date:	2013-07-18T12:51:14.243