CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
EPSS
Percentile
44.4%
A vulnerability in the file upload management of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload multiple files to a specific location of the filesystem and exhaust disk space.
The vulnerability is due to insufficient management of filesystem free space. An attacker could exploit this vulnerability by uploading multiple files. An exploit could allow the attacker to exhaust free disk space on the system, resulting in a denial of service (DoS) condition in which the administration interface becomes unresponsive.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker would need to authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | identity_services_engine_software | any | cpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:* |