CVE-2013-5530 — OS Command Injection in Cisco Identity Services Engine Software

CWE-78 — OS Command Injection CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.0CRITICALNVD

EPSS

0.2%

top 62.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedOct 25

Latest updateMay 17

Description

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software7 versions+6

🔴Vulnerability Details

GHSA

GHSA-r76p-vrmc-rm5f: The web framework in Cisco Identity Services Engine (ISE) 1↗2022-05-17

▶

CVEList

CVE-2013-5530: The web framework in Cisco Identity Services Engine (ISE) 1↗2013-10-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Identity Services Engine↗2013-10-23

▶