ID

VAR-201310-0507


CVE

CVE-2013-5524


TITLE

Cisco Identity Services Engine Troubleshooting page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004597

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCug77655. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulates and implements corresponding policies. The vulnerability is caused by the program's insufficient filtering of input parameters. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by enticing users to open malicious links.

Trust: 1.98

sources: NVD: CVE-2013-5524 // JVNDB: JVNDB-2013-004597 // BID: 62870 // VULHUB: VHN-65526

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: lte, version: 1.2

Trust: 1.8

vendor: cisco, model: identity services engine software, scope: eq, version: 1.1

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.0

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2

Trust: 0.6

sources: JVNDB: JVNDB-2013-004597 // CNNVD: CNNVD-201310-148 // NVD: CVE-2013-5524

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5524
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5524
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-148
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65526
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5524
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65526
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65526 // JVNDB: JVNDB-2013-004597 // CNNVD: CNNVD-201310-148 // NVD: CVE-2013-5524

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-65526 // JVNDB: JVNDB-2013-004597 // NVD: CVE-2013-5524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-148

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201310-148

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004597

PATCH

title: Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524

Trust: 0.8

title: 31159, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31159

Trust: 0.8

sources: JVNDB: JVNDB-2013-004597

EXTERNAL IDS

db: NVD, id: CVE-2013-5524

Trust: 2.8

db: BID, id: 62870

Trust: 1.4

db: SECUNIA, id: 55067

Trust: 1.1

db: SECTRACK, id: 1029155

Trust: 1.1

db: OSVDB, id: 98166

Trust: 1.1

db: JVNDB, id: JVNDB-2013-004597

Trust: 0.8

db: CNNVD, id: CNNVD-201310-148

Trust: 0.7

db: CISCO, id: 20131007 CISCO IDENTITY SERVICES ENGINE TROUBLESHOOTING INTERFACE CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-65526

Trust: 0.1

sources: VULHUB: VHN-65526 // BID: 62870 // JVNDB: JVNDB-2013-004597 // CNNVD: CNNVD-201310-148 // NVD: CVE-2013-5524

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5524

Trust: 1.7

url: http://tools.cisco.com/security/center/viewalert.x?alertid=31159

Trust: 1.7

url: http://www.securityfocus.com/bid/62870

Trust: 1.1

url: http://osvdb.org/98166

Trust: 1.1

url: http://www.securitytracker.com/id/1029155

Trust: 1.1

url: http://secunia.com/advisories/55067

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/87722

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5524

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5524

Trust: 0.8

sources: VULHUB: VHN-65526 // JVNDB: JVNDB-2013-004597 // CNNVD: CNNVD-201310-148 // NVD: CVE-2013-5524

CREDITS

Cisco

Trust: 0.3

sources: BID: 62870

SOURCES

db: VULHUB, id: VHN-65526
db: BID, id: 62870
db: JVNDB, id: JVNDB-2013-004597
db: CNNVD, id: CNNVD-201310-148
db: NVD, id: CVE-2013-5524

LAST UPDATE DATE

2024-11-23T22:56:39.624000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-65526, date: 2017-08-29T00:00:00
db: BID, id: 62870, date: 2013-10-10T06:43:00
db: JVNDB, id: JVNDB-2013-004597, date: 2013-10-11T00:00:00
db: CNNVD, id: CNNVD-201310-148, date: 2013-10-11T00:00:00
db: NVD, id: CVE-2013-5524, date: 2024-11-21T01:57:38.280

SOURCES RELEASE DATE

db: VULHUB, id: VHN-65526, date: 2013-10-10T00:00:00
db: BID, id: 62870, date: 2013-10-07T00:00:00
db: JVNDB, id: JVNDB-2013-004597, date: 2013-10-11T00:00:00
db: CNNVD, id: CNNVD-201310-148, date: 2013-10-11T00:00:00
db: NVD, id: CVE-2013-5524, date: 2013-10-10T10:55:06.617