Lucene search

CiscoCVE-2015-4267

HistoryJul 15, 2015 - 6:59 p.m.

CVE-2015-4267

2015-07-1518:59:00

CWE-352

cisco

web.nvd.nist.gov

cve-2015-4267

csrf vulnerability

cisco

ise

nvd

bug id cscus09940

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

Affected configurations

Nvd

Node

ciscoidentity_services_engine_softwareMatch1.2\(0.793\)

ciscoidentity_services_engine_softwareMatch1.3\(0.876\)

ciscoidentity_services_engine_softwareMatch1.4\(0.181\)

ciscoidentity_services_engine_softwareMatch1.4\(0.876\)

ciscoidentity_services_engine_softwareMatch2.0\(0.147\)

ciscoidentity_services_engine_softwareMatch2.0\(0.169\)

VendorProductVersionCPE
ciscoidentity_services_engine_software1.2(0.793)cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.793\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.3(0.876)cpe:2.3:a:cisco:identity_services_engine_software:1.3\(0.876\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.4(0.181)cpe:2.3:a:cisco:identity_services_engine_software:1.4\(0.181\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software1.4(0.876)cpe:2.3:a:cisco:identity_services_engine_software:1.4\(0.876\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software2.0(0.147)cpe:2.3:a:cisco:identity_services_engine_software:2.0\(0.147\):*:*:*:*:*:*:*
ciscoidentity_services_engine_software2.0(0.169)cpe:2.3:a:cisco:identity_services_engine_software:2.0\(0.169\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	1.2(0.793)	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.793\):::::::*
cisco	identity_services_engine_software	1.3(0.876)	cpe:2.3:a:cisco:identity_services_engine_software:1.3\(0.876\):::::::*
cisco	identity_services_engine_software	1.4(0.181)	cpe:2.3:a:cisco:identity_services_engine_software:1.4\(0.181\):::::::*
cisco	identity_services_engine_software	1.4(0.876)	cpe:2.3:a:cisco:identity_services_engine_software:1.4\(0.876\):::::::*
cisco	identity_services_engine_software	2.0(0.147)	cpe:2.3:a:cisco:identity_services_engine_software:2.0\(0.147\):::::::*
cisco	identity_services_engine_software	2.0(0.169)	cpe:2.3:a:cisco:identity_services_engine_software:2.0\(0.169\):::::::*

References

tools.cisco.com/security/center/viewAlert.x?alertId=39872

www.securitytracker.com/id/1032929

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

32.7%

JSON

Related for CVE-2015-4267