CVE-2013-3395

2013-07-0203:43:34

CWE-352

cisco

web.nvd.nist.gov

cve-2013-3395

cross-site request forgery

csrf

cisco

ironport

web security appliance

wsa

email security appliance

esa

content security management appliance

sma

bug ids

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.5

Confidence

Low

EPSS

0.001

Percentile

40.6%

JSON

Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.

Affected configurations

Nvd

Node

ciscocontent_security_management_applianceMatch-

ciscoweb_security_applianceMatch-

ciscoemail_security_appliance_firmwareMatch-

VendorProductVersionCPE
ciscocontent_security_management_appliance-cpe:2.3:h:cisco:content_security_management_appliance:-:*:*:*:*:*:*:*
ciscoweb_security_appliance-cpe:2.3:h:cisco:web_security_appliance:-:*:*:*:*:*:*:*
ciscoemail_security_appliance_firmware-cpe:2.3:o:cisco:email_security_appliance_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	content_security_management_appliance	-	cpe:2.3:h:cisco:content_security_management_appliance:-:::::::*
cisco	web_security_appliance	-	cpe:2.3:h:cisco:web_security_appliance:-:::::::*
cisco	email_security_appliance_firmware	-	cpe:2.3:o:cisco:email_security_appliance_firmware:-:::::::*