Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2013-5539
HistoryOct 16, 2013 - 10:52 a.m.

CVE-2013-5539

2013-10-1610:52:45
CWE-20
cisco
web.nvd.nist.gov
27
cisco
ise
upload-dialog
file upload
authenticated users
arbitrary file type
security vulnerability
cve-2013-5539
nvd
cisco identity services engine

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

69.6%

JSON

The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.

Affected configurations

Nvd
Node
ciscoidentity_services_engine_softwareMatch-
AND
ciscoidentity_services_engineMatch-
VendorProductVersionCPE
ciscoidentity_services_engine_software-cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*
ciscoidentity_services_engine-cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*

Related

prion 1
cvelist 1
cisco 1
nvd 1
prion
prion
Design/Logic Flaw
2013-10-16 10:52:00
cvelist
cvelist
CVE-2013-5539
2013-10-16 10:00:00
cisco
cisco
Cisco Identity Services Engine Untrusted File Upload Vulnerability
2013-10-16 20:19:44
nvd
nvd
CVE-2013-5539
2013-10-16 10:52:45

CVSS2

6

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

69.6%

JSON
Related for CVE-2013-5539
prion1cvelist1cisco1nvd1