Sign-up

ID

VAR-201309-0296


CVE

CVE-2013-5471


TITLE

Cisco Global Site Selector of Web Cross-site request forgery vulnerability in framework

Trust: 0.8

sources: JVNDB: JVNDB-2013-003958

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. Vendors have confirmed this vulnerability Bug ID CSCuh42164 It is released as.A third party may be able to hijack the authentication of any user. Attackers can exploit this issue to perform certain administrative actions and to gain unauthorized access to the affected application. This issue is being tracked by Cisco bug ID CSCuh42164. The product optimizes site selection, improves DNS response and ensures data center availability. An attacker could exploit this vulnerability to convince users of an affected system to follow a malicious link or visit an attacker-controlled website. This vulnerability could be exploited with user privileges to submit arbitrary requests to an affected device

Trust: 1.98

sources: NVD: CVE-2013-5471 // JVNDB: JVNDB-2013-003958 // BID: 62166 // VULHUB: VHN-65473

AFFECTED PRODUCTS

vendor:ciscomodel:global site selectorscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:global site selectorscope:lteversion:3.2

Trust: 0.8

sources: JVNDB: JVNDB-2013-003958 // CNNVD: CNNVD-201309-018 // NVD: CVE-2013-5471

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5471
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5471
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-018
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65473
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5471
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65473
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65473 // JVNDB: JVNDB-2013-003958 // CNNVD: CNNVD-201309-018 // NVD: CVE-2013-5471

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-65473 // JVNDB: JVNDB-2013-003958 // NVD: CVE-2013-5471

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-018

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201309-018

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-003958

PATCH
title:Cisco GSS Cross-Site Request Forgery Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5471
Trust: 0.8
title:30651url:http://tools.cisco.com/security/center/viewAlert.x?alertId=30651
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-003958

EXTERNAL IDS
db:NVDid:CVE-2013-5471
Trust: 2.8
db:BIDid:62166
Trust: 2.0
db:SECTRACKid:1028985
Trust: 1.1
db:OSVDBid:96823
Trust: 1.1
db:JVNDBid:JVNDB-2013-003958
Trust: 0.8
db:CNNVDid:CNNVD-201309-018
Trust: 0.7
db:CISCOid:20130904 CISCO GSS CROSS-SITE REQUEST FORGERY VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-65473
Trust: 0.1
sources:
            
            
            VULHUB: VHN-65473 // 
            
            
            
            BID: 62166 // 
            
            
            
            JVNDB: JVNDB-2013-003958 // 
            
            
            
            CNNVD: CNNVD-201309-018 // 
            
            
            
            NVD: CVE-2013-5471

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-5471
Trust: 2.0
url:http://www.securityfocus.com/bid/62166
Trust: 1.7
url:http://osvdb.org/96823
Trust: 1.1
url:http://www.securitytracker.com/id/1028985
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5471
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5471
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://tools.cisco.com/security/center/viewalert.x?alertid=30651
Trust: 0.3
sources:
            
            
            VULHUB: VHN-65473 // 
            
            
            
            BID: 62166 // 
            
            
            
            JVNDB: JVNDB-2013-003958 // 
            
            
            
            CNNVD: CNNVD-201309-018 // 
            
            
            
            NVD: CVE-2013-5471

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 62166 // 
            
            
            
            CNNVD: CNNVD-201309-018

SOURCES
db:VULHUBid:VHN-65473
db:BIDid:62166
db:JVNDBid:JVNDB-2013-003958
db:CNNVDid:CNNVD-201309-018
db:NVDid:CVE-2013-5471

LAST UPDATE DATE
2025-04-11T23:02:56.098000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-65473date:2013-09-12T00:00:00
db:BIDid:62166date:2013-09-04T00:00:00
db:JVNDBid:JVNDB-2013-003958date:2013-09-06T00:00:00
db:CNNVDid:CNNVD-201309-018date:2013-09-05T00:00:00
db:NVDid:CVE-2013-5471date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-65473date:2013-09-05T00:00:00
db:BIDid:62166date:2013-09-04T00:00:00
db:JVNDBid:JVNDB-2013-003958date:2013-09-06T00:00:00
db:CNNVDid:CNNVD-201309-018date:2013-09-05T00:00:00
db:NVDid:CVE-2013-5471date:2013-09-05T03:27:32.580