Lucene search

CiscoCVE-2015-4182

HistoryJun 12, 2015 - 2:59 p.m.

CVE-2015-4182

2015-06-1214:59:04

CWE-264

cisco

web.nvd.nist.gov

cisco

ise

admin web interface

access restrictions

authentication bypass

cve-2015-4182

nvd

security vulnerability

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

49.2%

JSON

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

Affected configurations

Nvd

Node

ciscoidentity_services_engine_softwareMatch1.0.4.573

ciscoidentity_services_engine_softwareMatch1.0_base

ciscoidentity_services_engine_softwareMatch1.1

ciscoidentity_services_engine_softwareMatch1.2

ciscoidentity_services_engine_softwareMatch1.2\(0.747\)

ciscoidentity_services_engine_softwareMatch1.2\(0.899\)

ciscoidentity_services_engine_softwareMatch1.2\(1.901\)

ciscoidentity_services_engine_softwareMatch1.3

ciscoidentity_services_engine_softwareMatch1.4

VendorProductVersionCPE
ciscoidentity_services_engine_software1.0.4.573cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.0_basecpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.1cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.2cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.2(0.747)cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.747\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.2(0.899)cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.899\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.2(1.901)cpe:2.3:a:cisco:identity_services_engine_software:1.2\(1.901\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.3cpe:2.3:a:cisco:identity_services_engine_software:1.3:*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.4cpe:2.3:a:cisco:identity_services_engine_software:1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	1.0.4.573	cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:::::::*
cisco	identity_services_engine_software	1.0_base	cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:::::::*
cisco	identity_services_engine_software	1.1	cpe:2.3:a:cisco:identity_services_engine_software:1.1:::::::*
cisco	identity_services_engine_software	1.2	cpe:2.3:a:cisco:identity_services_engine_software:1.2:::::::*
cisco	identity_services_engine_software	1.2(0.747)	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.747\):::::::*
cisco	identity_services_engine_software	1.2(0.899)	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.899\):::::::*
cisco	identity_services_engine_software	1.2(1.901)	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(1.901\):::::::*
cisco	identity_services_engine_software	1.3	cpe:2.3:a:cisco:identity_services_engine_software:1.3:::::::*
cisco	identity_services_engine_software	1.4	cpe:2.3:a:cisco:identity_services_engine_software:1.4:::::::*

References

tools.cisco.com/security/center/viewAlert.x?alertId=39299

www.securityfocus.com/bid/75152

www.securitytracker.com/id/1032579

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.001

Percentile

49.2%

JSON

Related for CVE-2015-4182