Vulnerability Details : CVE-2013-5523
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
Vulnerability category: Input validation
Products affected by CVE-2013-5523
- cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-5523
- 0.32%: Probability of exploitation activity in the next 30 days
- ~67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-5523
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2013-5523
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-5523
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523
  Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability (Vendor Advisory)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31161
  Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1029157
  Cisco Identity Services Engine Input Validation Flaw in Sponsor Portal Permits Cross-Frame Scripting Attacks - SecurityTracker (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87724
  Cisco Identity Services Engine Sponsor Portal cross-frame scripting CVE-2013-5523 Vulnerability Report
- http://www.securityfocus.com/bid/62869
  Cisco Identity Services Engine CVE-2013-5523 Cross Frame Scripting Vulnerability (Third Party Advisory; VDB Entry)