CVE-2013-3420

Published: Jul 18, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.

Affected (2)

Products: Cisco: Identity Services Engine Software, Identity Services Engine

Cisco

2 products

Identity Services Engine Software

Identity Services Engine

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	All versions
Cisco Identity Services Engine	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.