Details of VAR-201307-0207

ID

VAR-201307-0207

CVE

CVE-2013-3422

TITLE

Cisco Secure Access Control System Management page − Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-003344

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCud75165. The system can respectively control network access and network device access through RADIUS and TACACS protocols

Trust: 2.07

sources: NVD: CVE-2013-3422 // JVNDB: JVNDB-2013-003344 // BID: 61172 // VULHUB: VHN-63424 // VULMON: CVE-2013-3422

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.3	Trust: 0.8
vendor:	cisco	model:	secure access control system software	scope:	eq	version:	5.4	Trust: 0.8
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4.0.46.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.7	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.6	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.5	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.4	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.3	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.2	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40.1	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3.0.40	Trust: 0.3
vendor:	cisco	model:	secure access control system	scope:	eq	version:	5.3	Trust: 0.3

sources: BID: 61172 // JVNDB: JVNDB-2013-003344 // CNNVD: CNNVD-201307-240 // NVD: CVE-2013-3422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3422
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3422
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201307-240
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63424
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-3422
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3422
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-63424
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63424 // VULMON: CVE-2013-3422 // JVNDB: JVNDB-2013-003344 // CNNVD: CNNVD-201307-240 // NVD: CVE-2013-3422

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-63424 // JVNDB: JVNDB-2013-003344 // NVD: CVE-2013-3422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-240

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201307-240

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003344

PATCH

title:	Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3422	Trust: 0.8
title:	30067	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30067	Trust: 0.8

sources: JVNDB: JVNDB-2013-003344

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3422	Trust: 2.9
db:	JVNDB	id:	JVNDB-2013-003344	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-240	Trust: 0.7
db:	CISCO	id:	20130712 CISCO SECURE ACCESS CONTROL SYSTEM ADMINISTRATION PAGE CROSS-SITE SCRIPTING VULNERABILITY	Trust: 0.6
db:	BID	id:	61172	Trust: 0.5
db:	VULHUB	id:	VHN-63424	Trust: 0.1
db:	VULMON	id:	CVE-2013-3422	Trust: 0.1

sources: VULHUB: VHN-63424 // VULMON: CVE-2013-3422 // BID: 61172 // JVNDB: JVNDB-2013-003344 // CNNVD: CNNVD-201307-240 // NVD: CVE-2013-3422

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-3422	Trust: 2.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/85623	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3422	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3422	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps9911/index.html	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=30067	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/61172	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-63424 // VULMON: CVE-2013-3422 // BID: 61172 // JVNDB: JVNDB-2013-003344 // CNNVD: CNNVD-201307-240 // NVD: CVE-2013-3422

CREDITS

Cisco

Trust: 0.3

sources: BID: 61172

SOURCES

db:	VULHUB	id:	VHN-63424
db:	VULMON	id:	CVE-2013-3422
db:	BID	id:	61172
db:	JVNDB	id:	JVNDB-2013-003344
db:	CNNVD	id:	CNNVD-201307-240
db:	NVD	id:	CVE-2013-3422

LAST UPDATE DATE

2025-04-11T23:12:49.762000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63424	date:	2017-08-29T00:00:00
db:	VULMON	id:	CVE-2013-3422	date:	2017-08-29T00:00:00
db:	BID	id:	61172	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003344	date:	2013-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201307-240	date:	2013-07-18T00:00:00
db:	NVD	id:	CVE-2013-3422	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63424	date:	2013-07-12T00:00:00
db:	VULMON	id:	CVE-2013-3422	date:	2013-07-12T00:00:00
db:	BID	id:	61172	date:	2013-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2013-003344	date:	2013-07-16T00:00:00
db:	CNNVD	id:	CNNVD-201307-240	date:	2013-07-18T00:00:00
db:	NVD	id:	CVE-2013-3422	date:	2013-07-12T21:55:01.020