Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2014-0680

Published

9 years ago

Last Modified

5 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Share on Facebook
Share on LinkedIn
Share on Twitter

Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.3/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding	Edit
cpe:2.3:h:cisco:identity_services_engine:-:::::::*	Yes	-	-

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0680
http://osvdb.org/102588
http://secunia.com/advisories/56672
http://tools.cisco.com/security/center/viewAlert.x?alertId=32617
http://www.securityfocus.com/bid/65227
http://www.securitytracker.com/id/1029701