CVE-2013-5531 — Improper Authentication in Cisco Identity Services Engine Software

CWE-287 — Improper Authentication CWE-20 — Improper Input Validation6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 51.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedOct 25

Latest updateMay 17

Description

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software1.0, 1.1+1

🔴Vulnerability Details

GHSA

GHSA-3mxh-57x7-m994: Cisco Identity Services Engine (ISE) 1↗2022-05-17

▶

CVEList

CVE-2013-5531: Cisco Identity Services Engine (ISE) 1↗2013-10-25

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Identity Services Engine↗2013-10-23

▶

Cisco

Cisco ISE Support Information Download Authentication Bypass Vulnerability↗2013-10-23

▶

💬Community

Bugzilla

CVE-2012-5531 GateIn Portal: Reflected Cross-Site Scripting (XSS)↗2012-11-16

▶