CVE-2013-5539 — MEDIUM (6.0)

Vulnerability Description

The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.

CVSS Score

6.0

MEDIUM

AV:N/AC:M/Au:S/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Cisco	Identity Services Engine Software	-
Cisco	Identity Services Engine	-

Related Weaknesses (CWE)

CWE-20

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539Vendor Advisory

FAQ

What is CVE-2013-5539?

CVE-2013-5539 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspeci...

How severe is CVE-2013-5539?

CVE-2013-5539 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-5539?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software, Cisco Identity Services Engine.