Cisco: CISCO-SA-20131016-CVE-2013-5538
Oct 16, 2013 - 8:16 p.m.

Cisco Identity Services Engine Sponsor Portal File Access Vulnerability

2013-10-16 20:16:41
tools.cisco.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002
Percentile: 65.0%

A vulnerability in the Sponsor Portal of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access files uploaded to the Sponsor Portal.

The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by accessing the URL that contains the Sponsor Portal files. An exploit could allow the attacker to read or download any files uploaded to the Sponsor Portal.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker would need to know or have access to the URL that contains the Sponsor Portal files on a targeted device, which may decrease the likelihood of a successful exploit.

Affected configurations

Vendor: cisco
Product: identity_services_engine_software
Version: any
CPE: cpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:*
