Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3908

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-3908
Last Modified 25 Mar 2013 11:37:55
Published 16 Sep 2012 06:34:51
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3908

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.

Vulnerable Systems

Application

  • Cisco Identity Services Engine Software 1.0

  • Cisco Identity Services Engine Software 1.0.4

  • Cisco Identity Services Engine Software 1.0mr

  • Cisco Identity Services Engine Software 1.1

  • Cisco Identity Services Engine Software 1.1.1


References

CONFIRM - http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html

MISC - http://en.securitylab.ru/lab/

SECUNIA - 50680

BID - 55602


Last Updated: 27 May 2016 11:00:42