Skip to main content

Identity Services Engine Software CVE-2013-5530

CRITICAL
OS Command Injection (CWE-78)
2013-10-25 psirt@cisco.com
9.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.0 CRITICAL
AV:N/AC:L/Au:S/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Oct 25, 2013 - 03:52 cve.org
CRITICAL 9.0

DescriptionCVE.org

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.

AnalysisAI

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. Affected products include: Cisco Identity Services Engine Software. Version information: before 1.1.0.665.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2015-6323 CRITICAL
9.8 Jan 15

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before

CVE-2017-3835 HIGH
8.8 Feb 22

A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attac

CVE-2018-0413 HIGH
8.8 Aug 01

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic

CVE-2017-12316 HIGH
7.5 Nov 16

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, r

CVE-2016-1402 HIGH
7.5 May 21

The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD

CVE-2013-1125 MEDIUM
6.8 Feb 19

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application N

CVE-2013-5540 MEDIUM
6.8 Oct 16

The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of s

CVE-2012-3908 MEDIUM
6.8 Sep 16

Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomca

CVE-2013-3420 MEDIUM
6.8 Jul 18

Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows

CVE-2015-4267 MEDIUM
6.8 Jul 15

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793),

CVE-2013-1196 MEDIUM
6.8 Apr 29

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Direc

CVE-2013-5525 MEDIUM
6.5 Oct 10

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote a

Share

CVE-2013-5530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy