Vulnerability CVE-2013-5524

Vulnerability Name:

CVE-2013-5524 (CCN-87722)

Assigned:

2013-10-07

Published:

2013-10-07

Updated:

2017-08-29

Summary:

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2013-5524

Source: OSVDB
Type: UNKNOWN
98166

Source: CCN
Type: SA55067
Cisco Identity Services Engine (ISE) Trouble Shooting Interface Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: UNKNOWN
55067

Source: CCN
Type: Cisco Security Notice
Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability

Source: CISCO
Type: Vendor Advisory
20131007 Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability

Source: CONFIRM
Type: Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=31159

Source: CCN
Type: OSVDB ID: 98166
Cisco Identity Services Engine (ISE) Troubleshooting Page Unspecified Reflected XSS

Source: BID
Type: Third Party Advisory, VDB Entry
62870

Source: CCN
Type: BID-62870
Cisco Identity Services Engine CVE-2013-5524 Cross Site Scripting Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1029155

Source: XF
Type: UNKNOWN
cisco-ise-cve20135524-xss(87722)

Source: XF
Type: UNKNOWN
cisco-ise-cve20135524-xss(87722)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*

OR cpe:/a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*

OR cpe:/a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:* (Version <= 1.2)

Configuration CCN 1:

cpe:/a:cisco:identity_services_engine:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK