Details of VAR-201310-0514

ID

VAR-201310-0514

CVE

CVE-2013-5531

TITLE

Cisco Identity Services Engine Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-004897

DESCRIPTION

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and obtains sensitive information. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCty20405. Versions prior to Cisco Identity Services Engine 1.1.1 are vulnerable. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system to download a complete product support package and obtain sensitive information

Trust: 1.98

sources: NVD: CVE-2013-5531 // JVNDB: JVNDB-2013-004897 // BID: 63297 // VULHUB: VHN-65533

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.0	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.1	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lt	version:	1.x	Trust: 0.8
vendor:	cisco	model:	identity services engine	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-004897 // CNNVD: CNNVD-201310-570 // NVD: CVE-2013-5531

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5531
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5531
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201310-570
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65533
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5531
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-65533
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-65533 // JVNDB: JVNDB-2013-004897 // CNNVD: CNNVD-201310-570 // NVD: CVE-2013-5531

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-65533 // JVNDB: JVNDB-2013-004897 // NVD: CVE-2013-5531

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-570

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201310-570

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004897

PATCH

title:	cisco-sa-20131023-ise	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise	Trust: 0.8
title:	31294	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31294	Trust: 0.8
title:	31295	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=31295	Trust: 0.8
title:	cisco-sa-20131023-ise	url:	http://www.cisco.com/cisco/web/support/JP/112/1120/1120753_cisco-sa-20131023-ise-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2013-004897

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5531	Trust: 2.8
db:	BID	id:	63297	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-004897	Trust: 0.8
db:	CISCO	id:	20131023 MULTIPLE VULNERABILITIES IN CISCO IDENTITY SERVICES ENGINE	Trust: 0.6
db:	CNNVD	id:	CNNVD-201310-570	Trust: 0.6
db:	VULHUB	id:	VHN-65533	Trust: 0.1

sources: VULHUB: VHN-65533 // BID: 63297 // JVNDB: JVNDB-2013-004897 // CNNVD: CNNVD-201310-570 // NVD: CVE-2013-5531

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131023-ise	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5531	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5531	Trust: 0.8
url:	http://www.securityfocus.com/bid/63297	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=31295	Trust: 0.3

sources: VULHUB: VHN-65533 // BID: 63297 // JVNDB: JVNDB-2013-004897 // CNNVD: CNNVD-201310-570 // NVD: CVE-2013-5531

CREDITS

Cisco

Trust: 0.9

sources: BID: 63297 // CNNVD: CNNVD-201310-570

SOURCES

db:	VULHUB	id:	VHN-65533
db:	BID	id:	63297
db:	JVNDB	id:	JVNDB-2013-004897
db:	CNNVD	id:	CNNVD-201310-570
db:	NVD	id:	CVE-2013-5531

LAST UPDATE DATE

2024-11-23T21:45:31.229000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-65533	date:	2013-10-25T00:00:00
db:	BID	id:	63297	date:	2013-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-004897	date:	2013-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201310-570	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5531	date:	2024-11-21T01:57:39.097

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-65533	date:	2013-10-25T00:00:00
db:	BID	id:	63297	date:	2013-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-004897	date:	2013-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201310-570	date:	2013-10-24T00:00:00
db:	NVD	id:	CVE-2013-5531	date:	2013-10-25T03:52:55.017