CVE-2012-3908

Published: 16/09/2012 Updated: 26/03/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances prior to 1.1.0.665 Cumulative Patch 1 allow remote malicious users to hijack the authentication of administrators, aka Bug ID CSCty46684.

Vulnerable Product

cisco identity_services_engine_software 1.0

cisco identity_services_engine_software 1.0.4

cisco identity_services_engine_software 1.1.1

cisco identity_services_engine_software 1.0mr

cisco identity_services_engine_software 1.1

cisco identity_services_engine 3300

Vendor Advisories

Cisco Identity Services Engine contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system. The vulnerability is due to insufficient sanitization of user-supplied input processed by the ISE Administrator user interface of the affected software. An unauthe ...