Sign-up

ID

VAR-201310-0513


CVE

CVE-2013-5530


TITLE

Cisco Identity Services Engine contains an input validation vulnerability

Trust: 0.8

sources: CERT/CC: VU#952422

DESCRIPTION

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. An attacker can exploit this issue to execute arbitrary commands with the privileges of the root user. This issue is being tracked by Cisco Bug ID CSCuh81511. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 2.7

sources: NVD: CVE-2013-5530 // CERT/CC: VU#952422 // JVNDB: JVNDB-2013-004896 // BID: 63295 // VULHUB: VHN-65532

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.2

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.4

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.3

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.1

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.0

Trust: 1.6

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.0.665-5

Trust: 0.8

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.2.145-10

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.1.268-7

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.4.218-7

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.1.1

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.1.4

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2.0.899-2

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.0

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1.3.124-7

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.1.3

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.1.2

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.2

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.1.0

Trust: 0.8

sources: CERT/CC: VU#952422 // JVNDB: JVNDB-2013-004896 // CNNVD: CNNVD-201310-614 // NVD: CVE-2013-5530

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2013-5530
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2013-5530
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201310-614
value: CRITICAL

Trust: 0.6

VULHUB: VHN-65532
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-5530
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2013-5530
severity: HIGH
baseScore: 9.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-65532
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#952422 // VULHUB: VHN-65532 // JVNDB: JVNDB-2013-004896 // CNNVD: CNNVD-201310-614 // NVD: CVE-2013-5530

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

problemtype:CWE-20

Trust: 0.8

sources: CERT/CC: VU#952422 // VULHUB: VHN-65532 // JVNDB: JVNDB-2013-004896 // NVD: CVE-2013-5530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-614

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201310-614

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004896

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#952422

PATCH
title:cisco-sa-20131023-iseurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
Trust: 0.8
title:31294url:http://tools.cisco.com/security/center/viewAlert.x?alertId=31294
Trust: 0.8
title:cisco-sa-20131023-iseurl:http://www.cisco.com/cisco/web/support/JP/112/1120/1120753_cisco-sa-20131023-ise-j.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004896

EXTERNAL IDS
db:NVDid:CVE-2013-5530
Trust: 2.8
db:CERT/CCid:VU#952422
Trust: 2.7
db:JVNid:JVNVU96036147
Trust: 0.8
db:JVNDBid:JVNDB-2013-004896
Trust: 0.8
db:CNNVDid:CNNVD-201310-614
Trust: 0.7
db:CISCOid:20131023 MULTIPLE VULNERABILITIES IN CISCO IDENTITY SERVICES ENGINE
Trust: 0.6
db:BIDid:63295
Trust: 0.4
db:VULHUBid:VHN-65532
Trust: 0.1
sources:
            
            
            CERT/CC: VU#952422 // 
            
            
            
            VULHUB: VHN-65532 // 
            
            
            
            BID: 63295 // 
            
            
            
            JVNDB: JVNDB-2013-004896 // 
            
            
            
            CNNVD: CNNVD-201310-614 // 
            
            
            
            NVD: CVE-2013-5530

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131023-ise
Trust: 2.5
url:http://www.kb.cert.org/vuls/id/952422
Trust: 1.9
url:http://cwe.mitre.org/data/definitions/20.html
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps11640/index.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5530
Trust: 0.8
url:http://jvn.jp/cert/jvnvu96036147/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5530
Trust: 0.8
sources:
            
            
            CERT/CC: VU#952422 // 
            
            
            
            VULHUB: VHN-65532 // 
            
            
            
            JVNDB: JVNDB-2013-004896 // 
            
            
            
            CNNVD: CNNVD-201310-614 // 
            
            
            
            NVD: CVE-2013-5530

CREDITS
Jan Kadijk from Warpnet and Stephen Hosom
Trust: 0.3
sources:
            
            
            BID: 63295

SOURCES
db:CERT/CCid:VU#952422
db:VULHUBid:VHN-65532
db:BIDid:63295
db:JVNDBid:JVNDB-2013-004896
db:CNNVDid:CNNVD-201310-614
db:NVDid:CVE-2013-5530

LAST UPDATE DATE
2024-11-23T21:45:31.260000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#952422date:2013-11-12T00:00:00
db:VULHUBid:VHN-65532date:2016-09-21T00:00:00
db:BIDid:63295date:2013-10-28T17:43:00
db:JVNDBid:JVNDB-2013-004896date:2013-10-31T00:00:00
db:CNNVDid:CNNVD-201310-614date:2013-10-28T00:00:00
db:NVDid:CVE-2013-5530date:2024-11-21T01:57:38.983

SOURCES RELEASE DATE
db:CERT/CCid:VU#952422date:2013-10-28T00:00:00
db:VULHUBid:VHN-65532date:2013-10-25T00:00:00
db:BIDid:63295date:2013-10-28T00:00:00
db:JVNDBid:JVNDB-2013-004896date:2013-10-28T00:00:00
db:CNNVDid:CNNVD-201310-614date:2013-10-28T00:00:00
db:NVDid:CVE-2013-5530date:2013-10-25T03:52:54.987