CVE-2013-3471

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=30524	Vendor Advisory
http://www.securitytracker.com/id/1028965	Third Party Advisory VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=30524	Vendor Advisory
http://www.securitytracker.com/id/1028965	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:53

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471 - Vendor Advisory
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=30524 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=30524 - Vendor Advisory
References	~~() http://www.securitytracker.com/id/1028965 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1028965 - Third Party Advisory, VDB Entry

Information

Published : 2013-08-29 12:07

Updated : 2024-11-21 01:53

NVD link : CVE-2013-3471

Mitre link : CVE-2013-3471

CVE.ORG link : CVE-2013-3471

JSON object : View

Products Affected

cisco

identity_services_engine_software

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2013-3471", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-29T12:07:54.037", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1028965", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1028965", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515."}, {"lang": "es", "value": "La aplicaci\u00f3n de portal cautivo en Cisco Identity Services Engine (ISE) permite a atacantes remotos descubrir los nombres de usuario y contrase\u00f1as en texto plano mediante el aprovechamiento no especificado del uso de campos ocultos en un formulario en un documento HTML, tambi\u00e9n conocido como Bug ID CSCug02515."}], "lastModified": "2024-11-21T01:53:41.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}