ID

VAR-201307-0209


CVE

CVE-2013-3424


TITLE

Cisco Secure Access Control System Management and view page cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003346

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. The vendor has confirmed this vulnerability and released it as Bug ID CSCud75177. A third party may be able to hijack the authentication of any user. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug ID CSCud75177. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively.

Trust: 1.98

sources: NVD: CVE-2013-3424 // JVNDB: JVNDB-2013-003346 // BID: 61175 // VULHUB: VHN-63426

AFFECTED PRODUCTS

vendor: cisco // model: secure access control system // scope: eq // version: -

Trust: 1.6

vendor: cisco // model: secure access control system software // scope: lte // version: 5.4.0.46.3

Trust: 0.8

sources: JVNDB: JVNDB-2013-003346 // CNNVD: CNNVD-201307-242 // NVD: CVE-2013-3424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3424
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3424
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-242
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63426
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3424
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63426
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63426 // JVNDB: JVNDB-2013-003346 // CNNVD: CNNVD-201307-242 // NVD: CVE-2013-3424

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-63426 // JVNDB: JVNDB-2013-003346 // NVD: CVE-2013-3424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-242

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003346

PATCH

title: Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3424

Trust: 0.8

title: 30075 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30075

Trust: 0.8

sources: JVNDB: JVNDB-2013-003346

EXTERNAL IDS

db: NVD // id: CVE-2013-3424

Trust: 2.8

db: JVNDB // id: JVNDB-2013-003346

Trust: 0.8

db: CNNVD // id: CNNVD-201307-242

Trust: 0.7

db: CISCO // id: 20130712 CISCO SECURE ACCESS CONTROL SYSTEM ADMIN/VIEW PAGE CROSS-SITE REQUEST FORGERY VULNERABILITY

Trust: 0.6

db: BID // id: 61175

Trust: 0.4

db: VULHUB // id: VHN-63426

Trust: 0.1

sources: VULHUB: VHN-63426 // BID: 61175 // JVNDB: JVNDB-2013-003346 // CNNVD: CNNVD-201307-242 // NVD: CVE-2013-3424

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3424

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/85625

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3424

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3424

Trust: 0.8

sources: VULHUB: VHN-63426 // JVNDB: JVNDB-2013-003346 // CNNVD: CNNVD-201307-242 // NVD: CVE-2013-3424

CREDITS

Cisco

Trust: 0.3

sources: BID: 61175

SOURCES

db: VULHUB // id: VHN-63426
db: BID // id: 61175
db: JVNDB // id: JVNDB-2013-003346
db: CNNVD // id: CNNVD-201307-242
db: NVD // id: CVE-2013-3424

LAST UPDATE DATE

2024-08-14T15:44:54.653000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-63426 // date: 2017-08-29T00:00:00
db: BID // id: 61175 // date: 2013-07-16T00:00:00
db: JVNDB // id: JVNDB-2013-003346 // date: 2013-07-16T00:00:00
db: CNNVD // id: CNNVD-201307-242 // date: 2013-07-18T00:00:00
db: NVD // id: CVE-2013-3424 // date: 2017-08-29T01:33:23.120

SOURCES RELEASE DATE

db: VULHUB // id: VHN-63426 // date: 2013-07-12T00:00:00
db: BID // id: 61175 // date: 2013-07-16T00:00:00
db: JVNDB // id: JVNDB-2013-003346 // date: 2013-07-16T00:00:00
db: CNNVD // id: CNNVD-201307-242 // date: 2013-07-18T00:00:00
db: NVD // id: CVE-2013-3424 // date: 2013-07-12T21:55:01.057