CVE-2012-3908

Published: 16/09/2012 Updated: 26/03/2013

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances prior to 1.1.0.665 Cumulative Patch 1 allow remote malicious users to hijack the authentication of administrators, aka Bug ID CSCty46684.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco identity services engine software 1.0
cisco identity services engine software 1.0.4
cisco identity services engine software 1.0mr
cisco identity services engine software 1.1
cisco identity services engine software 1.1.1
cisco identity services engine 3300

Cisco Identity Services Engine contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site request forgery attacks on a targeted system The vulnerability is due to insufficient sanitization of user-supplied input processed by the ISE Administrator user interface of the affected software An unauthe ...

CWE-352 http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html http://en.securitylab.ru/lab/http://secunia.com/advisories/50680 http://www.securityfocus.com/bid/55602 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120920-CVE-2012-3908

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-3908

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect