ID

VAR-201401-0344


CVE

CVE-2014-0681


TITLE

Cisco Identity Services Engine vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-001280

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064. Cisco Identity Services Engine (ISE) contains a cross-site scripting vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCui15064. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability to inject arbitrary web script or HTML by injecting a malicious link to the report.

Trust: 1.98

sources: NVD: CVE-2014-0681 // JVNDB: JVNDB-2014-001280 // BID: 65183 // VULHUB: VHN-68174

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: lte, version: 1.2

Trust: 1.0

vendor: cisco, model: identity services engine, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: lte, version: 1.2 patch 2

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2

Trust: 0.6

sources: JVNDB: JVNDB-2014-001280 // CNNVD: CNNVD-201401-583 // NVD: CVE-2014-0681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0681
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0681
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-583
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68174
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0681
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68174
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68174 // JVNDB: JVNDB-2014-001280 // CNNVD: CNNVD-201401-583 // NVD: CVE-2014-0681

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-68174 // JVNDB: JVNDB-2014-001280 // NVD: CVE-2014-0681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-583

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201401-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001280

PATCH

title: Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681

Trust: 0.8

title: 32609, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32609

Trust: 0.8

sources: JVNDB: JVNDB-2014-001280

EXTERNAL IDS

db: NVD, id: CVE-2014-0681

Trust: 2.8

db: BID, id: 65183

Trust: 1.4

db: OSVDB, id: 102589

Trust: 1.1

db: SECUNIA, id: 56714

Trust: 1.1

db: SECTRACK, id: 1029699

Trust: 1.1

db: JVNDB, id: JVNDB-2014-001280

Trust: 0.8

db: CNNVD, id: CNNVD-201401-583

Trust: 0.7

db: CISCO, id: 20140128 CISCO IDENTITY SERVICES ENGINE REPORTS OUTPUT CROSS-SITE SCRIPTING VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-68174

Trust: 0.1

sources: VULHUB: VHN-68174 // BID: 65183 // JVNDB: JVNDB-2014-001280 // CNNVD: CNNVD-201401-583 // NVD: CVE-2014-0681

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0681

Trust: 1.7

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32609

Trust: 1.7

url:http://www.securityfocus.com/bid/65183

Trust: 1.1

url:http://osvdb.org/102589

Trust: 1.1

url:http://www.securitytracker.com/id/1029699

Trust: 1.1

url:http://secunia.com/advisories/56714

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0681

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0681

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

sources: VULHUB: VHN-68174 // BID: 65183 // JVNDB: JVNDB-2014-001280 // CNNVD: CNNVD-201401-583 // NVD: CVE-2014-0681

CREDITS

Cisco

Trust: 0.3

sources: BID: 65183

SOURCES

db: VULHUB, id: VHN-68174
db: BID, id: 65183
db: JVNDB, id: JVNDB-2014-001280
db: CNNVD, id: CNNVD-201401-583
db: NVD, id: CVE-2014-0681

LAST UPDATE DATE

2024-11-23T23:05:48.393000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68174, date: 2018-01-03T00:00:00
db: BID, id: 65183, date: 2014-01-31T01:04:00
db: JVNDB, id: JVNDB-2014-001280, date: 2014-01-30T00:00:00
db: CNNVD, id: CNNVD-201401-583, date: 2014-02-07T00:00:00
db: NVD, id: CVE-2014-0681, date: 2024-11-21T02:02:39.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68174, date: 2014-01-29T00:00:00
db: BID, id: 65183, date: 2014-01-28T00:00:00
db: JVNDB, id: JVNDB-2014-001280, date: 2014-01-30T00:00:00
db: CNNVD, id: CNNVD-201401-583, date: 2014-01-29T00:00:00
db: NVD, id: CVE-2014-0681, date: 2014-01-29T18:34:05.340