Details of VAR-201307-0212

ID

VAR-201307-0212

CVE

CVE-2013-3428

TITLE

Cisco Secure Access Control System of Web Vulnerabilities that capture important information in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-003352

DESCRIPTION

The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. Cisco Secure Access Control System is prone to a remote information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCue65957. The system can respectively control network access and network device access through RADIUS and TACACS protocols. A remote attacker could exploit this vulnerability to view detailed error message information by sending a specially crafted request to trigger the error

Trust: 1.98

sources: NVD: CVE-2013-3428 // JVNDB: JVNDB-2013-003352 // BID: 61174 // VULHUB: VHN-63430

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	lte	version:	5.4.0.46.3	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.7	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.5	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3	Trust: 0.3

sources: BID: 61174 // JVNDB: JVNDB-2013-003352 // CNNVD: CNNVD-201307-264 // NVD: CVE-2013-3428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3428
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3428
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-264
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63430
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3428
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-63430
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63430 // JVNDB: JVNDB-2013-003352 // CNNVD: CNNVD-201307-264 // NVD: CVE-2013-3428

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-63430 // JVNDB: JVNDB-2013-003352 // NVD: CVE-2013-3428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-264

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201307-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003352

PATCH

title:	Cisco Secure Access Control System Error Condition Information Disclosure Issue	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3428	Trust: 0.8
title:	30074	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30074	Trust: 0.8

sources: JVNDB: JVNDB-2013-003352

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3428	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-003352	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-264	Trust: 0.7
db:	CISCO	id:	20130712 CISCO SECURE ACCESS CONTROL SYSTEM ERROR CONDITION INFORMATION DISCLOSURE ISSUE	Trust: 0.6
db:	BID	id:	61174	Trust: 0.4
db:	VULHUB	id:	VHN-63430	Trust: 0.1

sources: VULHUB: VHN-63430 // BID: 61174 // JVNDB: JVNDB-2013-003352 // CNNVD: CNNVD-201307-264 // NVD: CVE-2013-3428

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3428	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3428	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3428	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30074	Trust: 0.3

sources: VULHUB: VHN-63430 // BID: 61174 // JVNDB: JVNDB-2013-003352 // CNNVD: CNNVD-201307-264 // NVD: CVE-2013-3428

CREDITS

Cisco

Trust: 0.3

sources: BID: 61174

SOURCES

db:	VULHUB	id:	VHN-63430
db:	BID	id:	61174
db:	JVNDB	id:	JVNDB-2013-003352
db:	CNNVD	id:	CNNVD-201307-264
db:	NVD	id:	CVE-2013-3428

LAST UPDATE DATE

2024-08-14T14:28:02.820000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63430	date:	2013-07-16T00:00:00
db:	BID	id:	61174	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003352	date:	2013-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201307-264	date:	2013-07-16T00:00:00
db:	NVD	id:	CVE-2013-3428	date:	2013-07-16T04:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63430	date:	2013-07-15T00:00:00
db:	BID	id:	61174	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003352	date:	2013-07-17T00:00:00
db:	CNNVD	id:	CNNVD-201307-264	date:	2013-07-16T00:00:00
db:	NVD	id:	CVE-2013-3428	date:	2013-07-15T15:55:01.400