CyberSec.Space Logo
Back to CVE Browser

CVE-2013-1124

MEDIUM
5.8
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile16.52th
PublishedFeb 28, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

The Cisco Network Admission Control (NAC) agent on Mac OS X does not verify the X.509 certificate of an Identity Services Engine (ISE) server during an SSL session, which allows man-in-the-middle attackers to spoof ISE servers via an arbitrary certificate, aka Bug ID CSCub24309.

Affected Platforms (CPE)

📦
Cisco

Network Admission Control

All versions

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1124
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1124

Related Vulnerabilities

CVE-2008-115510.0

Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows rem...

CVE-2011-33057.8

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary...

CVE-2013-11777.5

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote a...

CVE-2009-06307.1

The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transp...