var-201307-0209
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. Vendors have confirmed this vulnerability Bug ID CSCud75177 It is released as.A third party may be able to hijack the authentication of any user. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug ID CSCud75177. The system can respectively control network access and network device access through RADIUS and TACACS protocols
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0209",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure access control system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "secure access control system software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "5.4.0.46.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3424"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "61175"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3424",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3424",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63426",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3424",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-242",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63426",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63426"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. Vendors have confirmed this vulnerability Bug ID CSCud75177 It is released as.A third party may be able to hijack the authentication of any user. \nAttackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. \nThis issue is being tracked by Cisco bug ID CSCud75177. The system can respectively control network access and network device access through RADIUS and TACACS protocols",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "BID",
"id": "61175"
},
{
"db": "VULHUB",
"id": "VHN-63426"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3424",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20130712 CISCO SECURE ACCESS CONTROL SYSTEM ADMIN/VIEW PAGE CROSS-SITE REQUEST FORGERY VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "61175",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-63426",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63426"
},
{
"db": "BID",
"id": "61175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"id": "VAR-201307-0209",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63426"
}
],
"trust": 0.50886658
},
"last_update_date": "2023-12-18T12:21:40.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3424"
},
{
"title": "30075",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=30075"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63426"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3424"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85625"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3424"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3424"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63426"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63426"
},
{
"db": "BID",
"id": "61175"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-63426"
},
{
"date": "2013-07-16T00:00:00",
"db": "BID",
"id": "61175"
},
{
"date": "2013-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"date": "2013-07-12T21:55:01.057000",
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"date": "2013-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63426"
},
{
"date": "2013-07-16T00:00:00",
"db": "BID",
"id": "61175"
},
{
"date": "2013-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003346"
},
{
"date": "2017-08-29T01:33:23.120000",
"db": "NVD",
"id": "CVE-2013-3424"
},
{
"date": "2013-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Secure Access Control System Management and view page cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003346"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-242"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.