CVE-2012-3908
Published Sep 16, 2012
Last updated 12 years ago
Overview
- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "150FE976-C88B-4C91-81AF-7D2FBAE92209"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "029478F4-EB13-4DF7-A93A-16A0D7ED8AEA"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:identity_services_engine:3300:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D73A5C88-E693-49CA-B7BB-0A44DEF6AE55"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]