Details of VAR-201309-0442

ID

VAR-201309-0442

CVE

CVE-2013-5505

TITLE

Cisco Identity Services Engine Management site cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004363

DESCRIPTION

Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCui30275. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2013-5505 // JVNDB: JVNDB-2013-004363 // BID: 62693 // VULHUB: VHN-65507

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	identity services engine	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lte	version:	1.2	Trust: 0.8

sources: JVNDB: JVNDB-2013-004363 // CNNVD: CNNVD-201309-523 // NVD: CVE-2013-5505

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5505
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5505
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-523
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65507
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5505
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65507
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65507 // JVNDB: JVNDB-2013-004363 // CNNVD: CNNVD-201309-523 // NVD: CVE-2013-5505

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-65507 // JVNDB: JVNDB-2013-004363 // NVD: CVE-2013-5505

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-523

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-523

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004363

PATCH

title:	Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505	Trust: 0.8
title:	31008	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31008	Trust: 0.8

sources: JVNDB: JVNDB-2013-004363

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5505	Trust: 2.8
db:	BID	id:	62693	Trust: 2.0
db:	SECTRACK	id:	1029111	Trust: 1.1
db:	SECUNIA	id:	54626	Trust: 1.1
db:	OSVDB	id:	97875	Trust: 1.1
db:	JVNDB	id:	JVNDB-2013-004363	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-523	Trust: 0.7
db:	CISCO	id:	20130927 CISCO IDENTITY SERVICES ENGINE ADMINISTRATION INTERFACE CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-65507	Trust: 0.1

sources: VULHUB: VHN-65507 // BID: 62693 // JVNDB: JVNDB-2013-004363 // CNNVD: CNNVD-201309-523 // NVD: CVE-2013-5505

REFERENCES

url:	http://www.securityfocus.com/bid/62693	Trust: 1.7
url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5505	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31008	Trust: 1.1
url:	http://osvdb.org/97875	Trust: 1.1
url:	http://www.securitytracker.com/id/1029111	Trust: 1.1
url:	http://secunia.com/advisories/54626	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/87530	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5505	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5505	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-65507 // BID: 62693 // JVNDB: JVNDB-2013-004363 // CNNVD: CNNVD-201309-523 // NVD: CVE-2013-5505

CREDITS

Cisco

Trust: 0.9

sources: BID: 62693 // CNNVD: CNNVD-201309-523

SOURCES

db:	VULHUB	id:	VHN-65507
db:	BID	id:	62693
db:	JVNDB	id:	JVNDB-2013-004363
db:	CNNVD	id:	CNNVD-201309-523
db:	NVD	id:	CVE-2013-5505

LAST UPDATE DATE

2024-11-23T21:45:32.614000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65507	date:	2017-08-29T00:00:00
db:	BID	id:	62693	date:	2013-10-04T00:13:00
db:	JVNDB	id:	JVNDB-2013-004363	date:	2013-11-11T00:00:00
db:	CNNVD	id:	CNNVD-201309-523	date:	2013-10-15T00:00:00
db:	NVD	id:	CVE-2013-5505	date:	2024-11-21T01:57:36.257

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65507	date:	2013-09-30T00:00:00
db:	BID	id:	62693	date:	2013-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-004363	date:	2013-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201309-523	date:	2013-09-30T00:00:00
db:	NVD	id:	CVE-2013-5505	date:	2013-09-30T17:09:25.473