Sign-up

ID

VAR-201309-0441


CVE

CVE-2013-5504


TITLE

Cisco Identity Services Engine of Mobile Device Management Portal cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004362

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266. Vendors have confirmed this vulnerability Bug ID CSCui30266 It is released as.By any third party through unspecified parameters Web Script or HTML May be inserted. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui30266. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2013-5504 // JVNDB: JVNDB-2013-004362 // BID: 62694 // VULHUB: VHN-65506

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:lteversion:1.2

Trust: 0.8

sources: JVNDB: JVNDB-2013-004362 // CNNVD: CNNVD-201309-524 // NVD: CVE-2013-5504

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5504
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5504
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-524
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65506
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5504
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65506
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65506 // JVNDB: JVNDB-2013-004362 // CNNVD: CNNVD-201309-524 // NVD: CVE-2013-5504

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65506 // JVNDB: JVNDB-2013-004362 // NVD: CVE-2013-5504

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-524

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-524

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004362

PATCH
title:Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504
Trust: 0.8
title:31007url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31007
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004362

EXTERNAL IDS
db:NVDid:CVE-2013-5504
Trust: 2.8
db:BIDid:62694
Trust: 2.0
db:OSVDBid:97877
Trust: 1.1
db:SECTRACKid:1029110
Trust: 1.1
db:JVNDBid:JVNDB-2013-004362
Trust: 0.8
db:CNNVDid:CNNVD-201309-524
Trust: 0.7
db:CISCOid:20130927 CISCO IDENTITY SERVICES ENGINE MOBILE DEVICE MANAGEMENT PORTAL CROSS-SITE SCRIPTING VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65506
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65506 // 
            
            
            
            BID: 62694 // 
            
            
            
            JVNDB: JVNDB-2013-004362 // 
            
            
            
            CNNVD: CNNVD-201309-524 // 
            
            
            
            NVD: CVE-2013-5504

REFERENCES
url:http://www.securityfocus.com/bid/62694
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5504
Trust: 1.7
url:http://tools.cisco.com/security/center/viewalert.x?alertid=31007
Trust: 1.1
url:http://osvdb.org/97877
Trust: 1.1
url:http://www.securitytracker.com/id/1029110
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87531
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5504
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5504
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65506 // 
            
            
            
            BID: 62694 // 
            
            
            
            JVNDB: JVNDB-2013-004362 // 
            
            
            
            CNNVD: CNNVD-201309-524 // 
            
            
            
            NVD: CVE-2013-5504

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 62694 // 
            
            
            
            CNNVD: CNNVD-201309-524

SOURCES
db:VULHUBid:VHN-65506
db:BIDid:62694
db:JVNDBid:JVNDB-2013-004362
db:CNNVDid:CNNVD-201309-524
db:NVDid:CVE-2013-5504

LAST UPDATE DATE
2024-11-23T22:53:28.539000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65506date:2017-08-29T00:00:00
db:BIDid:62694date:2013-10-01T00:13:00
db:JVNDBid:JVNDB-2013-004362date:2013-10-01T00:00:00
db:CNNVDid:CNNVD-201309-524date:2013-10-15T00:00:00
db:NVDid:CVE-2013-5504date:2024-11-21T01:57:36.137

SOURCES RELEASE DATE
db:VULHUBid:VHN-65506date:2013-09-30T00:00:00
db:BIDid:62694date:2013-09-27T00:00:00
db:JVNDBid:JVNDB-2013-004362date:2013-10-01T00:00:00
db:CNNVDid:CNNVD-201309-524date:2013-09-30T00:00:00
db:NVDid:CVE-2013-5504date:2013-09-30T17:09:25.457