cvelistv5 - CVE-2013-5531

CVE-2013-5531 (GCVE-0-2013-5531)

Vulnerability from cvelistv5

Published

2013-10-25 01:00

Modified

2024-09-16 17:58

Severity ?

CWE

Summary

References

URL

Tags

	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-25T01:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5531",
    "datePublished": "2013-10-25T01:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T17:58:57.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-5531\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2013-10-25T03:52:55.017\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.\"},{\"lang\":\"es\",\"value\":\"Cisco Identity Services Engine (ISE) 1.x anteriores a 1.1.1 permite a atacantes remotos sortear la autenticaci\u00f3n, y leer configuraci\u00f3n de soporte y datos de credenciales, a traves de una sesion TCP manipulada en el puerto 443, tambien conocido como Bug ID CSCty20405.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50CE032F-3BD1-462D-B2DD-4088EA7CE037\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-454

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Cisco Identity Services Engine. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.1.4 antérieures à la version 1.1.4.218-7
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.1.2 antérieures à la version 1.1.2.145-10
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.2 antérieures à la version 1.2.0.899-2
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.1.1 antérieures à la version 1.1.1.268-7
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.0 et 1.1.0 antérieures à la version 1.1.0.665-5
Cisco	Identity Services Engine	Cisco Identity Services Engine versions 1.1.3 antérieures à la version 1.1.3.124-7

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160113-ise du 24 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20131023-ise du 24 septembre 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20131023-ise du 24 septembre 2018	-	other
Bulletin de sécurité Cisco cisco-sa-20160113-ise du 24 septembre 2018	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Identity Services Engine versions 1.1.4 ant\u00e9rieures \u00e0 la version 1.1.4.218-7",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine versions 1.1.2 ant\u00e9rieures \u00e0 la version 1.1.2.145-10",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine versions 1.2 ant\u00e9rieures \u00e0 la version 1.2.0.899-2",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine versions 1.1.1 ant\u00e9rieures \u00e0 la version 1.1.1.268-7",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine versions 1.0 et 1.1.0 ant\u00e9rieures \u00e0 la version 1.1.0.665-5",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Identity Services Engine versions 1.1.3 ant\u00e9rieures \u00e0 la version 1.1.3.124-7",
      "product": {
        "name": "Identity Services Engine",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-6323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6323"
    },
    {
      "name": "CVE-2013-5530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5530"
    },
    {
      "name": "CVE-2013-5531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5531"
    }
  ],
  "initial_release_date": "2018-09-25T00:00:00",
  "last_revision_date": "2018-09-25T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20131023-ise du 24 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20160113-ise du 24 septembre 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
    }
  ],
  "reference": "CERTFR-2018-AVI-454",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Identity\nServices Engine. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Identity Services Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise du 24 septembre 2018",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-ise du 24 septembre 2018",
      "url": null
    }
  ]
}

CERTA-2013-AVI-607

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Cisco Identity Services Engine. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco ISE

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20131023-ise du 23 octobre 2013	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20131023-ise du 23 octobre 2013	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco ISE\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5530"
    },
    {
      "name": "CVE-2013-5531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5531"
    }
  ],
  "initial_release_date": "2013-10-24T00:00:00",
  "last_revision_date": "2013-10-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-ise du 23    octobre 2013",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    }
  ],
  "reference": "CERTA-2013-AVI-607",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eCisco Identity Services Engine\u003c/span\u003e. Elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Identity Services Engine",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-ise du 23 octobre 2013",
      "url": null
    }
  ]
}

gsd-2013-5531

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-5531

Aliases

CVE-2013-5531

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-5531",
    "description": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.",
    "id": "GSD-2013-5531"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-5531"
      ],
      "details": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.",
      "id": "GSD-2013-5531",
      "modified": "2023-12-13T01:22:21.709290Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2013-5531",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5531"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-10-25T18:57Z",
      "publishedDate": "2013-10-25T03:52Z"
    }
  }
}

fkie_cve-2013-5531

Vulnerability from fkie_nvd

Published

2013-10-25 03:52

Modified

2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	identity_services_engine_software	1.0
	cisco	identity_services_engine_software	1.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE) 1.x anteriores a 1.1.1 permite a atacantes remotos sortear la autenticaci\u00f3n, y leer configuraci\u00f3n de soporte y datos de credenciales, a traves de una sesion TCP manipulada en el puerto 443, tambien conocido como Bug ID CSCty20405."
    }
  ],
  "id": "CVE-2013-5531",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-25T03:52:55.017",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201310-0514

Vulnerability from variot

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and obtains sensitive information. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCty20405. Versions prior to Cisco Identity Services Engine 1.1.1 are vulnerable. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system to download a complete product support package and obtain sensitive information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0514",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "identity services engine software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0"
      },
      {
        "model": "identity services engine software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.1"
      },
      {
        "model": "identity services engine software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.1.1"
      },
      {
        "model": "identity services engine software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.x"
      },
      {
        "model": "identity services engine",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:cisco:identity_services_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:cisco:identity_services_engine_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "63297"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5531",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-5531",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-65533",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5531",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5531",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-570",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65533",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine is prone to a remote authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and obtains sensitive information. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCty20405. \nVersions prior to Cisco Identity Services Engine 1.1.1 are vulnerable. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. A remote attacker could exploit this vulnerability by sending a specially crafted request to an affected system to download a complete product support package and obtain sensitive information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "BID",
        "id": "63297"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5531",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "63297",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897",
        "trust": 0.8
      },
      {
        "db": "CISCO",
        "id": "20131023 MULTIPLE VULNERABILITIES IN CISCO IDENTITY SERVICES ENGINE",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-65533",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "db": "BID",
        "id": "63297"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "id": "VAR-201310-0514",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T21:45:31.229000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20131023-ise",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
      },
      {
        "title": "31294",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31294"
      },
      {
        "title": "31295",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31295"
      },
      {
        "title": "cisco-sa-20131023-ise",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1120/1120753_cisco-sa-20131023-ise-j.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20131023-ise"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5531"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5531"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/63297"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=31295"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "db": "BID",
        "id": "63297"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "db": "BID",
        "id": "63297"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "date": "2013-10-23T00:00:00",
        "db": "BID",
        "id": "63297"
      },
      {
        "date": "2013-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "date": "2013-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "date": "2013-10-25T03:52:55.017000",
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65533"
      },
      {
        "date": "2013-10-23T00:00:00",
        "db": "BID",
        "id": "63297"
      },
      {
        "date": "2013-10-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      },
      {
        "date": "2013-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      },
      {
        "date": "2024-11-21T01:57:39.097000",
        "db": "NVD",
        "id": "CVE-2013-5531"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Identity Services Engine Vulnerabilities that bypass authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004897"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-570"
      }
    ],
    "trust": 0.6
  }
}

ghsa-3mxh-57x7-m994

Vulnerability from github

Published

2022-05-17 04:59

Modified

2022-05-17 04:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-5531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-10-25T03:52:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.",
  "id": "GHSA-3mxh-57x7-m994",
  "modified": "2022-05-17T04:59:19Z",
  "published": "2022-05-17T04:59:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-5531"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-5531 (GCVE-0-2013-5531)

Vulnerability from cvelistv5

CERTFR-2018-AVI-454

Vulnerability from certfr_avis

Solution

CERTA-2013-AVI-607

Vulnerability from certfr_avis

Solution

gsd-2013-5531

Vulnerability from gsd

fkie_cve-2013-5531

Vulnerability from fkie_nvd

var-201310-0514

Vulnerability from variot

ghsa-3mxh-57x7-m994

Vulnerability from github

Tags

Sightings

Nomenclature