Computer Security
[EN] no-pyccku

Cisco Identity Services Engine multiple security vulnerabilities
SecurityVulns ID:13378
Threat Level:
Description:Authentication bypass, code execution.
Affected:CISCO : Cisco Identity Services Engine 1.2
CVE:CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.)
 CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before, 1.1.1 before, 1.1.2 before, 1.1.3 before, 1.1.4 before, and 1.2 before allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.)
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
Files:Multiple Vulnerabilities in Cisco Identity Services Engine
 Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod