Lucene search
CiscoCVE-2013-1124HistoryFeb 28, 2013 - 11:55 p.m.
CVE-2013-1124
2013-02-2823:55:01
CWE-310
cisco
web.nvd.nist.gov
25
cisco
nac
mac os x
spoofing
certificate
vulnerability
security
cve-2013-1124
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
30.8%
The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309.
Affected configurations
Node
cisconetwork_admission_controlMatch-
applemac_os_x
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | network_admission_control | - | cpe:2.3:a:cisco:network_admission_control:-:*:*:*:*:*:*:* |
| apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2013-1124
2013-02-28 23:55:01
prion
prion
Code injection
2013-02-28 23:55:00
cvelist
cvelist
CVE-2013-1124
2013-02-28 23:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
High
EPSS
0.001
Percentile
30.8%
Related for CVE-2013-1124