Lucene search

CiscoCVE-2012-3908

HistorySep 16, 2012 - 10:34 a.m.

CVE-2012-3908

2012-09-1610:34:51

CWE-352

cisco

web.nvd.nist.gov

cve-2012-3908

csrf

ise

cisco

apache tomcat

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

52.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.

Affected configurations

Nvd

Node

ciscoidentity_services_engine_softwareMatch1.0

ciscoidentity_services_engine_softwareMatch1.0.4

ciscoidentity_services_engine_softwareMatch1.0mr

ciscoidentity_services_engine_softwareMatch1.1

ciscoidentity_services_engine_softwareMatch1.1.1

AND

ciscoidentity_services_engineMatch3300

VendorProductVersionCPE
ciscoidentity_services_engine_software1.0cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.0.4cpe:2.3:a:cisco:identity_services_engine_software:1.0.4:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.0mrcpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.1cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.1.1cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*
ciscoidentity_services_engine3300cpe:2.3:h:cisco:identity_services_engine:3300:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	1.0	cpe:2.3:a:cisco:identity_services_engine_software:1.0:::::::*
cisco	identity_services_engine_software	1.0.4	cpe:2.3:a:cisco:identity_services_engine_software:1.0.4:::::::*
cisco	identity_services_engine_software	1.0mr	cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:::::::*
cisco	identity_services_engine_software	1.1	cpe:2.3:a:cisco:identity_services_engine_software:1.1:::::::*
cisco	identity_services_engine_software	1.1.1	cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:::::::*
cisco	identity_services_engine	3300	cpe:2.3:h:cisco:identity_services_engine:3300:::::::*

References

en.securitylab.ru/lab/

secunia.com/advisories/50680

www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html

www.securityfocus.com/bid/55602

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.002

Percentile

52.3%

JSON

Related for CVE-2012-3908