ID

VAR-201310-0503


CVE

CVE-2013-5519


TITLE

Cisco Wireless LAN Controller Cross-site scripting vulnerability in device management interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-004478

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCuf77810.

Trust: 2.52

sources: NVD: CVE-2013-5519 // JVNDB: JVNDB-2013-004478 // CNVD: CNVD-2013-13515 // BID: 62787 // VULHUB: VHN-65521

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13515

AFFECTED PRODUCTS

vendor: cisco, model: wireless lan controller, scope: -, version: -

Trust: 2.0

vendor: cisco, model: wireless lan controller, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: wireless lan controller software, scope: eq, version: 3.0 to 7.5.102.0

Trust: 0.8

vendor: cisco, model: wireless lan controllers, scope: eq, version: 4.2.176.0

Trust: 0.3

vendor: cisco, model: wireless lan controllers, scope: eq, version: 4.2.112.0

Trust: 0.3

sources: CNVD: CNVD-2013-13515 // BID: 62787 // JVNDB: JVNDB-2013-004478 // CNNVD: CNNVD-201310-058 // NVD: CVE-2013-5519

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5519
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5519
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13515
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201310-058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65521
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5519
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13515
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-65521
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-13515 // VULHUB: VHN-65521 // JVNDB: JVNDB-2013-004478 // CNNVD: CNNVD-201310-058 // NVD: CVE-2013-5519

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65521 // JVNDB: JVNDB-2013-004478 // NVD: CVE-2013-5519

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-058

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201310-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004478

PATCH

title: Cisco WLC Web-Based Management Interface Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5519

Trust: 0.8

title: 31112, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31112

Trust: 0.8

title: Cisco Wireless LAN Controller has patches for unidentified cross-site scripting vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/40049

Trust: 0.6

sources: CNVD: CNVD-2013-13515 // JVNDB: JVNDB-2013-004478

EXTERNAL IDS

db: NVD, id: CVE-2013-5519

Trust: 3.4

db: BID, id: 62787

Trust: 2.0

db: SECUNIA, id: 55171

Trust: 1.7

db: OSVDB, id: 98083

Trust: 1.1

db: JVNDB, id: JVNDB-2013-004478

Trust: 0.8

db: CNNVD, id: CNNVD-201310-058

Trust: 0.7

db: CNVD, id: CNVD-2013-13515

Trust: 0.6

db: CISCO, id: 20131002 CISCO WLC WEB-BASED MANAGEMENT INTERFACE CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-65521

Trust: 0.1

sources: CNVD: CNVD-2013-13515 // VULHUB: VHN-65521 // BID: 62787 // JVNDB: JVNDB-2013-004478 // CNNVD: CNNVD-201310-058 // NVD: CVE-2013-5519

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5519

Trust: 2.3

url: http://www.securityfocus.com/bid/62787

Trust: 1.1

url: http://tools.cisco.com/security/center/viewalert.x?alertid=31112

Trust: 1.1

url: http://osvdb.org/98083

Trust: 1.1

url: http://secunia.com/advisories/55171

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5519

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5519

Trust: 0.8

url: http://secunia.com/advisories/55171/

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2013-13515 // VULHUB: VHN-65521 // BID: 62787 // JVNDB: JVNDB-2013-004478 // CNNVD: CNNVD-201310-058 // NVD: CVE-2013-5519

CREDITS

Reported by the vendor.

Trust: 0.3

sources: BID: 62787

SOURCES

db: CNVD, id: CNVD-2013-13515
db: VULHUB, id: VHN-65521
db: BID, id: 62787
db: JVNDB, id: JVNDB-2013-004478
db: CNNVD, id: CNNVD-201310-058
db: NVD, id: CVE-2013-5519

LAST UPDATE DATE

2024-11-23T23:02:51.544000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13515, date: 2013-10-10T00:00:00
db: VULHUB, id: VHN-65521, date: 2013-10-17T00:00:00
db: BID, id: 62787, date: 2013-10-04T00:15:00
db: JVNDB, id: JVNDB-2013-004478, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201310-058, date: 2013-10-09T00:00:00
db: NVD, id: CVE-2013-5519, date: 2024-11-21T01:57:37.773

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-13515, date: 2013-10-10T00:00:00
db: VULHUB, id: VHN-65521, date: 2013-10-03T00:00:00
db: BID, id: 62787, date: 2013-10-02T00:00:00
db: JVNDB, id: JVNDB-2013-004478, date: 2013-10-07T00:00:00
db: CNNVD, id: CNNVD-201310-058, date: 2013-10-09T00:00:00
db: NVD, id: CVE-2013-5519, date: 2013-10-03T11:04:43.540