Lucene search
CiscoCVE-2015-6317HistoryJan 23, 2016 - 5:59 a.m.
CVE-2015-6317
2016-01-2305:59:00
CWE-284
cisco
web.nvd.nist.gov
29
cisco
ise
cve-2015-6317
bug id cscuu45926
nvd
identity services engine
web resource access restrictions
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:C/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
34.1%
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
Affected configurations
Node
ciscoidentity_services_engine_softwareMatch1.0.4.573
ORciscoidentity_services_engine_softwareMatch1.0_base
ORciscoidentity_services_engine_softwareMatch1.0_mr_base
ORciscoidentity_services_engine_softwareMatch1.1.1p1
ORciscoidentity_services_engine_softwareMatch1.1.1p2
ORciscoidentity_services_engine_softwareMatch1.1.1p3
ORciscoidentity_services_engine_softwareMatch1.1.1p4
ORciscoidentity_services_engine_softwareMatch1.1.1p5
ORciscoidentity_services_engine_softwareMatch1.1.1p6
ORciscoidentity_services_engine_softwareMatch1.1.2p1
ORciscoidentity_services_engine_softwareMatch1.1.2p2
ORciscoidentity_services_engine_softwareMatch1.1.2p3
ORciscoidentity_services_engine_softwareMatch1.1.2p4
ORciscoidentity_services_engine_softwareMatch1.1.2p5
ORciscoidentity_services_engine_softwareMatch1.1.2p6
ORciscoidentity_services_engine_softwareMatch1.1.2p7
ORciscoidentity_services_engine_softwareMatch1.1.2p8
ORciscoidentity_services_engine_softwareMatch1.1.2p9
ORciscoidentity_services_engine_softwareMatch1.1.3p1
ORciscoidentity_services_engine_softwareMatch1.1.3p2
ORciscoidentity_services_engine_softwareMatch1.1.3p3
ORciscoidentity_services_engine_softwareMatch1.1.3p4
ORciscoidentity_services_engine_softwareMatch1.1.3p5
ORciscoidentity_services_engine_softwareMatch1.1.3p6
ORciscoidentity_services_engine_softwareMatch1.1.3p7
ORciscoidentity_services_engine_softwareMatch1.1.4p1
ORciscoidentity_services_engine_softwareMatch1.1.4p2
ORciscoidentity_services_engine_softwareMatch1.1.4p3
ORciscoidentity_services_engine_softwareMatch1.1.4p4
ORciscoidentity_services_engine_softwareMatch1.1.4p5
ORciscoidentity_services_engine_softwareMatch1.1.4p6
ORciscoidentity_services_engine_softwareMatch1.1.4p7
ORciscoidentity_services_engine_softwareMatch1.1_base
ORciscoidentity_services_engine_softwareMatch1.2\(0.747\)
ORciscoidentity_services_engine_softwareMatch1.2\(0.793\)
ORciscoidentity_services_engine_softwareMatch1.2\(1.198\)
ORciscoidentity_services_engine_softwareMatch1.2\(1.901\)
ORciscoidentity_services_engine_softwareMatch1.2.0.899p14
ORciscoidentity_services_engine_softwareMatch1.2.1p1
ORciscoidentity_services_engine_softwareMatch1.2.1p2
ORciscoidentity_services_engine_softwareMatch1.2_base
ORciscoidentity_services_engine_softwareMatch1.3\(0.722\)
ORciscoidentity_services_engine_softwareMatch1.3\(0.876\)
ORciscoidentity_services_engine_softwareMatch1.3\(106.146\)
ORciscoidentity_services_engine_softwareMatch1.3\(120.135\)
ORciscoidentity_services_engine_softwareMatch1.4\(0.109\)
ORciscoidentity_services_engine_softwareMatch1.4\(0.181\)
ORciscoidentity_services_engine_softwareMatch1.4\(0.253\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | identity_services_engine_software | 1.0.4.573 | cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.0_base | cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.0_mr_base | cpe:2.3:a:cisco:identity_services_engine_software:1.0_mr_base:*:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p1:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p2:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p3:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p4:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p5:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.1 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p6:*:*:*:*:*:* |
| cisco | identity_services_engine_software | 1.1.2 | cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p1:*:*:*:*:*:* |
Related
openvas
openvas
cisco
cisco
Cisco Identity Services Engine Unauthorized Access Vulnerability
2016-01-13 16:00:00
nvd
nvd
CVE-2015-6317
2016-01-23 05:59:00
cvelist
cvelist
CVE-2015-6317
2016-01-23 02:00:00
prion
prion
Design/Logic Flaw
2016-01-23 05:59:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:C/A:N
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
34.1%
Related for CVE-2015-6317