CVE-2013-5530 - OpenCVE

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Identity Services Engine Software

Configuration 1 [-]

OR	cpe:2.3:a:cisco:identity_services_engine_software:1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.2:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
http://www.kb.cert.org/vuls/id/952422

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-10-25T01:00:00

Updated: 2024-08-06T17:15:20.879Z

Reserved: 2013-08-22T00:00:00

Link: CVE-2013-5530

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-10-25T03:52:54.987

Modified: 2016-09-21T20:37:17.140

Link: CVE-2013-5530

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-23T00:00:00", "descriptions": [{"lang": "en", "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-01T17:26:34", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "VU#952422", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/952422"}, {"name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-5530", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#952422", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/952422"}, {"name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:15:20.879Z"}, "title": "CVE Program Container", "references": [{"name": "VU#952422", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/952422"}, {"name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-5530", "datePublished": "2013-10-25T01:00:00", "dateReserved": "2013-08-22T00:00:00", "dateUpdated": "2024-08-06T17:15:20.879Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BFA5CBE3-DBA6-4A3E-A07A-250C0C7155EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "26AD33E0-8946-4AEE-BA17-F5C270EF2320", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E6F6C359-EA1F-4194-8561-6B9E0B44A0A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F2D8379-16E9-4CB7-85B6-66BF98E23E52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."}, {"lang": "es", "value": "El framework web de Cisco Identitiy Services Engine (ISE) 1.0 y 1.1.0 antes 1.1.0.665-5, antes 1.1.1.268-7 1.1.1, 1.1.2 antes 1.1.2.145-10, 1.1.3 antes 1.1.3.124 -7, antes 1.1.4.218-7 1.1.4 y 1.2 antes 1.2.0.899-2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sesi\u00f3n manipulada en el puerto TCP 443, tambi\u00e9n conocido como Bug ID CSCuh81511."}], "id": "CVE-2013-5530", "lastModified": "2016-09-21T20:37:17.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-25T03:52:54.987", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/952422"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}