CVE-2013-3395
Cisco Ironport Cross Site Request Forgery / Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuh70263, CSCuh70323, and CSCuh26634.
Vulnerabilidad CSRG en el framework web en los dispositivos Cisco IronPort Web Security Appliance (WSA), Email Security Appliance (ESA) y Content Security Management Appliance (SMA), permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. Aka Bug IDs CSCuh70263, CSCuh70323, y CSCuh26634.
Cisco IronPort Security Management Appliance M170 version 7.9.1-030 suffers from cross site scripting and cross site request forgery vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-05-06 CVE Reserved
- 2013-07-02 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3395 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Content Security Management Appliance Search vendor "Cisco" for product "Content Security Management Appliance" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Web Security Appliance Search vendor "Cisco" for product "Web Security Appliance" | - | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Email Security Appliance Firmware Search vendor "Cisco" for product "Email Security Appliance Firmware" | - | - |
Affected
|