Vulnerability Description
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | <= 1.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/98168
- http://secunia.com/advisories/55207
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31161Vendor Advisory
- http://www.securityfocus.com/bid/62869Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029157Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87724
- http://osvdb.org/98168
- http://secunia.com/advisories/55207
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=31161Vendor Advisory
- http://www.securityfocus.com/bid/62869Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029157Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87724
FAQ
What is CVE-2013-5523?
CVE-2013-5523 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks...
How severe is CVE-2013-5523?
CVE-2013-5523 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-5523?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software.