ID

VAR-201305-0267


CVE

CVE-2013-1200


TITLE

Web session hijacking vulnerability in Cisco Secure Access Control System

Trust: 0.8

sources: JVNDB: JVNDB-2013-002731

DESCRIPTION

Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. The vendor has confirmed this vulnerability and released it as Bug ID CSCud95787. Web sessions may be hijacked by a third party. An attacker can exploit this issue to hijack an arbitrary session and gain unauthorized access to the affected device. This issue is being tracked by Cisco Bug ID CSCud95787. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively.

Trust: 2.07

sources: NVD: CVE-2013-1200 // JVNDB: JVNDB-2013-002731 // BID: 59943 // VULHUB: VHN-61202 // VULMON: CVE-2013-1200

AFFECTED PRODUCTS

vendor: cisco, model: secure access control system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: secure access control system software, scope: lte, version: 5.4

Trust: 0.8

sources: JVNDB: JVNDB-2013-002731 // CNNVD: CNNVD-201305-315 // NVD: CVE-2013-1200

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1200
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1200
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201305-315
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61202
value: MEDIUM

Trust: 0.1

VULMON: CVE-2013-1200
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1200
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-61202
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61202 // VULMON: CVE-2013-1200 // JVNDB: JVNDB-2013-002731 // CNNVD: CNNVD-201305-315 // NVD: CVE-2013-1200

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-61202 // JVNDB: JVNDB-2013-002731 // NVD: CVE-2013-1200

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-315

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201305-315

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002731

PATCH

title: Cisco Secure Access Control System Session Fixation Web Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1200

Trust: 0.8

title: 29345, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=29345

Trust: 0.8

sources: JVNDB: JVNDB-2013-002731

EXTERNAL IDS

db: NVD, id: CVE-2013-1200

Trust: 2.9

db: JVNDB, id: JVNDB-2013-002731

Trust: 0.8

db: CNNVD, id: CNNVD-201305-315

Trust: 0.7

db: CISCO, id: 20130515 CISCO SECURE ACCESS CONTROL SYSTEM SESSION FIXATION WEB VULNERABILITY

Trust: 0.6

db: BID, id: 59943

Trust: 0.4

db: VULHUB, id: VHN-61202

Trust: 0.1

db: VULMON, id: CVE-2013-1200

Trust: 0.1

sources: VULHUB: VHN-61202 // VULMON: CVE-2013-1200 // BID: 59943 // JVNDB: JVNDB-2013-002731 // CNNVD: CNNVD-201305-315 // NVD: CVE-2013-1200

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1200

Trust: 1.8

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1200

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1200

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-61202 // VULMON: CVE-2013-1200 // JVNDB: JVNDB-2013-002731 // CNNVD: CNNVD-201305-315 // NVD: CVE-2013-1200

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 59943

SOURCES

db: VULHUB, id: VHN-61202
db: VULMON, id: CVE-2013-1200
db: BID, id: 59943
db: JVNDB, id: JVNDB-2013-002731
db: CNNVD, id: CNNVD-201305-315
db: NVD, id: CVE-2013-1200

LAST UPDATE DATE

2025-04-11T23:17:16.796000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61202, date: 2013-05-16T00:00:00
db: VULMON, id: CVE-2013-1200, date: 2013-05-16T00:00:00
db: BID, id: 59943, date: 2013-05-21T05:53:00
db: JVNDB, id: JVNDB-2013-002731, date: 2013-05-17T00:00:00
db: CNNVD, id: CNNVD-201305-315, date: 2013-05-17T00:00:00
db: NVD, id: CVE-2013-1200, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61202, date: 2013-05-16T00:00:00
db: VULMON, id: CVE-2013-1200, date: 2013-05-16T00:00:00
db: BID, id: 59943, date: 2013-05-15T00:00:00
db: JVNDB, id: JVNDB-2013-002731, date: 2013-05-17T00:00:00
db: CNNVD, id: CNNVD-201305-315, date: 2013-05-17T00:00:00
db: NVD, id: CVE-2013-1200, date: 2013-05-16T03:36:22.710