PT-2013-5604 · Cisco · Cisco Identity Services Engine

Published

2013-10-10

Updated

2017-08-29

CVE-2013-5523

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) versions 1.2 and earlier

Description The issue is related to a "cross-frame scripting (XFS)" problem, where the Sponsor Portal in Cisco Identity Services Engine (ISE) does not properly restrict the use of IFRAME elements. This makes it easier for remote attackers to conduct clickjacking attacks and other unspecified attacks via a crafted web site.

Recommendations For Cisco Identity Services Engine (ISE) versions 1.2 and earlier, consider disabling the use of IFRAME elements in the Sponsor Portal as a temporary workaround until a patch is available. Restrict access to the Sponsor Portal to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2013-5523

Affected Products

Cisco Identity Services Engine

PT-2013-5604 · Cisco · Cisco Identity Services Engine

CVE-2013-5523

Weakness Enumeration

Related Identifiers

Affected Products

References · 8