CVE-2013-5523

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) versions 1.2 and earlier

Description The issue is related to a "cross-frame scripting (XFS)" problem, where the Sponsor Portal in Cisco Identity Services Engine (ISE) does not properly restrict the use of IFRAME elements. This makes it easier for remote attackers to conduct clickjacking attacks and other unspecified attacks via a crafted web site.

Recommendations For Cisco Identity Services Engine (ISE) versions 1.2 and earlier, consider disabling the use of IFRAME elements in the Sponsor Portal as a temporary workaround until a patch is available. Restrict access to the Sponsor Portal to minimize the risk of exploitation.