Sign-up

ID

VAR-201308-0217


CVE

CVE-2013-3471


TITLE

Cisco ISE Captive Portal Application Plaintext Credentials Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 62030 // CNNVD: CNNVD-201308-454

DESCRIPTION

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCug02515. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2013-3471 // JVNDB: JVNDB-2013-003939 // BID: 62030 // VULHUB: VHN-63473

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:lteversion:1.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-003939 // CNNVD: CNNVD-201308-454 // NVD: CVE-2013-3471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3471
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3471
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201308-454
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63473
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3471
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63473
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63473 // JVNDB: JVNDB-2013-003939 // CNNVD: CNNVD-201308-454 // NVD: CVE-2013-3471

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-63473 // JVNDB: JVNDB-2013-003939 // NVD: CVE-2013-3471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-454

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201308-454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003939

PATCH
title:Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471
Trust: 0.8
title:30524url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30524
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003939

EXTERNAL IDS
db:NVDid:CVE-2013-3471
Trust: 2.8
db:SECTRACKid:1028965
Trust: 1.1
db:BIDid:62030
Trust: 1.0
db:JVNDBid:JVNDB-2013-003939
Trust: 0.8
db:CNNVDid:CNNVD-201308-454
Trust: 0.7
db:CISCOid:20130828 CISCO ISE CAPTIVE PORTAL APPLICATION PLAINTEXT CREDENTIALS EXPOSURE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-63473
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63473 // 
            
            
            
            BID: 62030 // 
            
            
            
            JVNDB: JVNDB-2013-003939 // 
            
            
            
            CNNVD: CNNVD-201308-454 // 
            
            
            
            NVD: CVE-2013-3471

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3471
Trust: 2.0
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30524
Trust: 1.1
url:http://www.securitytracker.com/id/1028965
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3471
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3471
Trust: 0.8
url:http://www.securityfocus.com/bid/62030
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63473 // 
            
            
            
            BID: 62030 // 
            
            
            
            JVNDB: JVNDB-2013-003939 // 
            
            
            
            CNNVD: CNNVD-201308-454 // 
            
            
            
            NVD: CVE-2013-3471

CREDITS
David Robinson of Context Information Security
Trust: 0.9
sources:
            
            
            BID: 62030 // 
            
            
            
            CNNVD: CNNVD-201308-454

SOURCES
db:VULHUBid:VHN-63473
db:BIDid:62030
db:JVNDBid:JVNDB-2013-003939
db:CNNVDid:CNNVD-201308-454
db:NVDid:CVE-2013-3471

LAST UPDATE DATE
2024-08-14T14:28:02.118000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63473date:2016-11-04T00:00:00
db:BIDid:62030date:2013-08-28T00:00:00
db:JVNDBid:JVNDB-2013-003939date:2013-09-02T00:00:00
db:CNNVDid:CNNVD-201308-454date:2013-08-30T00:00:00
db:NVDid:CVE-2013-3471date:2016-11-04T19:52:23.177

SOURCES RELEASE DATE
db:VULHUBid:VHN-63473date:2013-08-29T00:00:00
db:BIDid:62030date:2013-08-28T00:00:00
db:JVNDBid:JVNDB-2013-003939date:2013-09-02T00:00:00
db:CNNVDid:CNNVD-201308-454date:2013-08-29T00:00:00
db:NVDid:CVE-2013-3471date:2013-08-29T12:07:54.037