Sign-up

ID

VAR-201309-0450


CVE

CVE-2013-5482


TITLE

Cisco Prime LAN Management Solution Vulnerable to clickjacking

Trust: 0.8

sources: JVNDB: JVNDB-2013-004109

DESCRIPTION

Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCug77823. This is a cross-frame scripting (XFS) Vulnerability related to the problem. Vendors have confirmed this vulnerability Bug ID CSCtk77823 It is released as.Skillfully crafted by a third party Web A clickjacking attack may be performed through the site, and other attacks may be performed. Successful exploits will allow attackers to bypass the same-origin policy and obtain potentially sensitive information; other attacks are possible. The solution configures, manages, monitors and maintains the network

Trust: 1.98

sources: NVD: CVE-2013-5482 // JVNDB: JVNDB-2013-004109 // BID: 62366 // VULHUB: VHN-65484

AFFECTED PRODUCTS

vendor:ciscomodel:prime lan management solutionscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:prime lan management solutionscope:lteversion:4.2.3

Trust: 0.8

sources: JVNDB: JVNDB-2013-004109 // CNNVD: CNNVD-201309-192 // NVD: CVE-2013-5482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5482
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5482
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-192
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5482
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65484
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65484 // JVNDB: JVNDB-2013-004109 // CNNVD: CNNVD-201309-192 // NVD: CVE-2013-5482

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-65484 // JVNDB: JVNDB-2013-004109 // NVD: CVE-2013-5482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-192

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-192

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004109

PATCH
title:Cisco Prime LAN Management Solution Cross-Frame Scripting Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5482
Trust: 0.8
title:30769url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30769
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004109

EXTERNAL IDS
db:NVDid:CVE-2013-5482
Trust: 2.8
db:JVNDBid:JVNDB-2013-004109
Trust: 0.8
db:CNNVDid:CNNVD-201309-192
Trust: 0.7
db:CISCOid:20130912 CISCO PRIME LAN MANAGEMENT SOLUTION CROSS-FRAME SCRIPTING VULNERABILITY
Trust: 0.6
db:BIDid:62366
Trust: 0.4
db:VULHUBid:VHN-65484
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65484 // 
            
            
            
            BID: 62366 // 
            
            
            
            JVNDB: JVNDB-2013-004109 // 
            
            
            
            CNNVD: CNNVD-201309-192 // 
            
            
            
            NVD: CVE-2013-5482

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5482
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5482
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5482
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps11200/index.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65484 // 
            
            
            
            BID: 62366 // 
            
            
            
            JVNDB: JVNDB-2013-004109 // 
            
            
            
            CNNVD: CNNVD-201309-192 // 
            
            
            
            NVD: CVE-2013-5482

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 62366

SOURCES
db:VULHUBid:VHN-65484
db:BIDid:62366
db:JVNDBid:JVNDB-2013-004109
db:CNNVDid:CNNVD-201309-192
db:NVDid:CVE-2013-5482

LAST UPDATE DATE
2024-11-23T22:02:21.493000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65484date:2013-09-13T00:00:00
db:BIDid:62366date:2013-09-12T00:00:00
db:JVNDBid:JVNDB-2013-004109date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-192date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5482date:2024-11-21T01:57:33.880

SOURCES RELEASE DATE
db:VULHUBid:VHN-65484date:2013-09-13T00:00:00
db:BIDid:62366date:2013-09-12T00:00:00
db:JVNDBid:JVNDB-2013-004109date:2013-09-17T00:00:00
db:CNNVDid:CNNVD-201309-192date:2013-09-16T00:00:00
db:NVDid:CVE-2013-5482date:2013-09-13T14:10:27.317