Details of VAR-201308-0007

ID

VAR-201308-0007

CVE

CVE-2012-5744

TITLE

Cisco Identity Services Engine Software guest portal cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-003941

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. Vendors have confirmed this vulnerability Bug ID CSCud11139 and CSCug02904 It is released as.By any third party Web Script or HTML May be inserted. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues are being tracked by Cisco Bug IDs CSCud11139 and CSCug02904. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit these vulnerabilities to inject arbitrary Web script or HTML

Trust: 2.07

sources: NVD: CVE-2012-5744 // JVNDB: JVNDB-2013-003941 // BID: 62062 // VULHUB: VHN-59025 // VULMON: CVE-2012-5744

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	lte	version:	1.1	Trust: 0.8

sources: JVNDB: JVNDB-2013-003941 // CNNVD: CNNVD-201308-476 // NVD: CVE-2012-5744

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-5744
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-5744
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201308-476
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-59025
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2012-5744
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-5744
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-59025
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-59025 // VULMON: CVE-2012-5744 // JVNDB: JVNDB-2013-003941 // CNNVD: CNNVD-201308-476 // NVD: CVE-2012-5744

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-59025 // JVNDB: JVNDB-2013-003941 // NVD: CVE-2012-5744

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-476

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201308-476

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003941

PATCH

title:	Cisco ISE Guest Portal XSS Vulnerabilities	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744	Trust: 0.8
title:	30546	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30546	Trust: 0.8

sources: JVNDB: JVNDB-2013-003941

EXTERNAL IDS

db:	NVD	id:	CVE-2012-5744	Trust: 2.9
db:	BID	id:	62062	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-003941	Trust: 0.8
db:	CNNVD	id:	CNNVD-201308-476	Trust: 0.7
db:	CISCO	id:	20130829 CISCO ISE GUEST PORTAL XSS VULNERABILITIES	Trust: 0.6
db:	VULHUB	id:	VHN-59025	Trust: 0.1
db:	VULMON	id:	CVE-2012-5744	Trust: 0.1

sources: VULHUB: VHN-59025 // VULMON: CVE-2012-5744 // BID: 62062 // JVNDB: JVNDB-2013-003941 // CNNVD: CNNVD-201308-476 // NVD: CVE-2012-5744

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2012-5744	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5744	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5744	Trust: 0.8
url:	http://www.securityfocus.com/bid/62062	Trust: 0.7
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-59025 // VULMON: CVE-2012-5744 // BID: 62062 // JVNDB: JVNDB-2013-003941 // CNNVD: CNNVD-201308-476 // NVD: CVE-2012-5744

CREDITS

David Robinson of Context Information Security.

Trust: 0.9

sources: BID: 62062 // CNNVD: CNNVD-201308-476

SOURCES

db:	VULHUB	id:	VHN-59025
db:	VULMON	id:	CVE-2012-5744
db:	BID	id:	62062
db:	JVNDB	id:	JVNDB-2013-003941
db:	CNNVD	id:	CNNVD-201308-476
db:	NVD	id:	CVE-2012-5744

LAST UPDATE DATE

2024-08-14T14:28:02.341000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-59025	date:	2013-08-30T00:00:00
db:	VULMON	id:	CVE-2012-5744	date:	2013-08-30T00:00:00
db:	BID	id:	62062	date:	2013-08-30T00:15:00
db:	JVNDB	id:	JVNDB-2013-003941	date:	2013-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201308-476	date:	2013-09-05T00:00:00
db:	NVD	id:	CVE-2012-5744	date:	2013-08-30T13:44:30.800

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-59025	date:	2013-08-30T00:00:00
db:	VULMON	id:	CVE-2012-5744	date:	2013-08-30T00:00:00
db:	BID	id:	62062	date:	2013-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2013-003941	date:	2013-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201308-476	date:	2013-08-29T00:00:00
db:	NVD	id:	CVE-2012-5744	date:	2013-08-30T01:55:08.437