Vulnerability Description
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=30524Vendor Advisory
- http://www.securitytracker.com/id/1028965Third Party AdvisoryVDB Entry
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=30524Vendor Advisory
- http://www.securitytracker.com/id/1028965Third Party AdvisoryVDB Entry
FAQ
What is CVE-2013-3471?
CVE-2013-3471 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an H...
How severe is CVE-2013-3471?
CVE-2013-3471 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3471?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software.