CVE-2013-3471

Published: Aug 29, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.

Affected (1)

Products: Cisco: Identity Services Engine Software

Cisco

1 product

Identity Services Engine Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	All versions

Related CWEs

CWE-255

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=30524

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1028965

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=30524

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1028965

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.