CVE-2013-3420: CSRF
First published: Wed Jul 17 2013(Updated: )
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | ||
| Cisco Identity Services Engine (ISE) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-3420?
CVE-2013-3420 is considered a high severity vulnerability due to the potential for remote attackers to hijack user authentication.
How do I fix CVE-2013-3420?
To fix CVE-2013-3420, upgrade to the latest version of Cisco Identity Services Engine software as recommended by Cisco.
What types of attacks are enabled by CVE-2013-3420?
CVE-2013-3420 allows attackers to perform cross-site request forgery (CSRF) attacks, potentially compromising user sessions.
Which Cisco software is affected by CVE-2013-3420?
CVE-2013-3420 affects the Cisco Identity Services Engine software and its related components.
Is user authentication at risk due to CVE-2013-3420?
Yes, user authentication is at significant risk with CVE-2013-3420 as attackers can hijack the sessions of arbitrary users.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine
- canonical/cisco identity services engine (ise)