ID

VAR-201310-0508


CVE

CVE-2013-5525


TITLE

Cisco Identity Services Engine of Web In the framework SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-004598

DESCRIPTION

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCug90502. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote authorized attacker can exploit this vulnerability to execute arbitrary SQL commands

Trust: 1.98

sources: NVD: CVE-2013-5525 // JVNDB: JVNDB-2013-004598 // BID: 62799 // VULHUB: VHN-65527

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:lteversion:1.2

Trust: 1.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.0

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2

Trust: 0.6

sources: JVNDB: JVNDB-2013-004598 // CNNVD: CNNVD-201310-149 // NVD: CVE-2013-5525

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5525
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5525
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-149
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65527
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5525
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65527
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65527 // JVNDB: JVNDB-2013-004598 // CNNVD: CNNVD-201310-149 // NVD: CVE-2013-5525

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-65527 // JVNDB: JVNDB-2013-004598 // NVD: CVE-2013-5525

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-149

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004598

PATCH

title:Cisco Identity Services Engine Blind SQL Injection Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525

Trust: 0.8

title:31160url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31160

Trust: 0.8

sources: JVNDB: JVNDB-2013-004598

EXTERNAL IDS

db:NVDid:CVE-2013-5525

Trust: 2.8

db:SECTRACKid:1029156

Trust: 1.1

db:SECUNIAid:55098

Trust: 1.1

db:OSVDBid:98167

Trust: 1.1

db:JVNDBid:JVNDB-2013-004598

Trust: 0.8

db:CNNVDid:CNNVD-201310-149

Trust: 0.7

db:CISCOid:20131007 CISCO IDENTITY SERVICES ENGINE BLIND SQL INJECTION VULNERABILITY

Trust: 0.6

db:BIDid:62799

Trust: 0.4

db:VULHUBid:VHN-65527

Trust: 0.1

sources: VULHUB: VHN-65527 // BID: 62799 // JVNDB: JVNDB-2013-004598 // CNNVD: CNNVD-201310-149 // NVD: CVE-2013-5525

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5525

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=31160

Trust: 1.7

url:http://osvdb.org/98167

Trust: 1.1

url:http://www.securitytracker.com/id/1029156

Trust: 1.1

url:http://secunia.com/advisories/55098

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/87723

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5525

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5525

Trust: 0.8

url:www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-65527 // BID: 62799 // JVNDB: JVNDB-2013-004598 // CNNVD: CNNVD-201310-149 // NVD: CVE-2013-5525

CREDITS

Cisco

Trust: 0.3

sources: BID: 62799

SOURCES

db:VULHUBid:VHN-65527
db:BIDid:62799
db:JVNDBid:JVNDB-2013-004598
db:CNNVDid:CNNVD-201310-149
db:NVDid:CVE-2013-5525

LAST UPDATE DATE

2024-11-23T22:02:21.068000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-65527date:2017-08-29T00:00:00
db:BIDid:62799date:2013-10-10T06:33:00
db:JVNDBid:JVNDB-2013-004598date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-149date:2013-10-11T00:00:00
db:NVDid:CVE-2013-5525date:2024-11-21T01:57:38.407

SOURCES RELEASE DATE

db:VULHUBid:VHN-65527date:2013-10-10T00:00:00
db:BIDid:62799date:2013-10-07T00:00:00
db:JVNDBid:JVNDB-2013-004598date:2013-10-11T00:00:00
db:CNNVDid:CNNVD-201310-149date:2013-10-11T00:00:00
db:NVDid:CVE-2013-5525date:2013-10-10T10:55:06.677