ID

VAR-201310-0524


CVE

CVE-2013-5541


TITLE

Cross-site scripting vulnerability in the file-upload interface of Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2013-004731

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary files on the web server. This issue is tracked by Cisco bug ID CSCui67495. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies. The vulnerability is due to the program's insufficient validation of uploaded file names.

Trust: 1.98

sources: NVD: CVE-2013-5541 // JVNDB: JVNDB-2013-004731 // BID: 63033 // VULHUB: VHN-65543

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine software // scope: eq // version: -

Trust: 1.6

vendor: cisco // model: identity services engine // scope: eq // version: -

Trust: 1.0

vendor: cisco // model: identity services engine // scope: - // version: -

Trust: 0.8

vendor: cisco // model: identity services engine software // scope: lte // version: 1.2

Trust: 0.8

sources: JVNDB: JVNDB-2013-004731 // CNNVD: CNNVD-201310-322 // NVD: CVE-2013-5541

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5541
value: LOW

Trust: 1.0

NVD: CVE-2013-5541
value: LOW

Trust: 0.8

CNNVD: CNNVD-201310-322
value: LOW

Trust: 0.6

VULHUB: VHN-65543
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-5541
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65543
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65543 // JVNDB: JVNDB-2013-004731 // CNNVD: CNNVD-201310-322 // NVD: CVE-2013-5541

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65543 // JVNDB: JVNDB-2013-004731 // NVD: CVE-2013-5541

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-322

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201310-322

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004731

PATCH

title: Cisco Identity Services Engine Upload Filename Validation Vulnerability // url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541

Trust: 0.8

title: 31277 // url: http://tools.cisco.com/security/center/viewAlert.x?alertId=31277

Trust: 0.8

sources: JVNDB: JVNDB-2013-004731

EXTERNAL IDS

db: NVD // id: CVE-2013-5541

Trust: 2.8

db: JVNDB // id: JVNDB-2013-004731

Trust: 0.8

db: CNNVD // id: CNNVD-201310-322

Trust: 0.7

db: CISCO // id: 20131015 CISCO IDENTITY SERVICES ENGINE UPLOAD FILENAME VALIDATION VULNERABILITY

Trust: 0.6

db: BID // id: 63033

Trust: 0.4

db: VULHUB // id: VHN-65543

Trust: 0.1

sources: VULHUB: VHN-65543 // BID: 63033 // JVNDB: JVNDB-2013-004731 // CNNVD: CNNVD-201310-322 // NVD: CVE-2013-5541

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5541

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5541

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5541

Trust: 0.8

url:http://proquiz.softon.org/

Trust: 0.3

sources: VULHUB: VHN-65543 // BID: 63033 // JVNDB: JVNDB-2013-004731 // CNNVD: CNNVD-201310-322 // NVD: CVE-2013-5541

CREDITS

Cisco

Trust: 0.3

sources: BID: 63033

SOURCES

db: VULHUB // id: VHN-65543
db: BID // id: 63033
db: JVNDB // id: JVNDB-2013-004731
db: CNNVD // id: CNNVD-201310-322
db: NVD // id: CVE-2013-5541

LAST UPDATE DATE

2024-11-23T23:02:51.513000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-65543 // date: 2013-10-16T00:00:00
db: BID // id: 63033 // date: 2013-10-17T01:05:00
db: JVNDB // id: JVNDB-2013-004731 // date: 2013-10-18T00:00:00
db: CNNVD // id: CNNVD-201310-322 // date: 2013-10-17T00:00:00
db: NVD // id: CVE-2013-5541 // date: 2024-11-21T01:57:40.157

SOURCES RELEASE DATE

db: VULHUB // id: VHN-65543 // date: 2013-10-16T00:00:00
db: BID // id: 63033 // date: 2013-10-15T00:00:00
db: JVNDB // id: JVNDB-2013-004731 // date: 2013-10-18T00:00:00
db: CNNVD // id: CNNVD-201310-322 // date: 2013-10-17T00:00:00
db: NVD // id: CVE-2013-5541 // date: 2013-10-16T10:52:45.433