Vulnerability Details CVE-2012-3908
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://en.securitylab.ru/lab/
- http://secunia.com/advisories/50680
- http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html
- http://www.securityfocus.com/bid/55602
- http://en.securitylab.ru/lab/
- http://secunia.com/advisories/50680
- http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html
- http://www.securityfocus.com/bid/55602
Products affected by CVE-2012-3908
-
cpe:2.3:a:cisco:identity_services_engine_software:1.0
-
cpe:2.3:a:cisco:identity_services_engine_software:1.0.4
-
cpe:2.3:a:cisco:identity_services_engine_software:1.0mr
-
cpe:2.3:a:cisco:identity_services_engine_software:1.1
-
cpe:2.3:a:cisco:identity_services_engine_software:1.1.1
-
cpe:2.3:h:cisco:identity_services_engine:3300