Lucene search

CiscoCVE-2017-12261

HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-12261

2017-11-0216:29:00

CWE-264

CWE-863

cisco

web.nvd.nist.gov

cve

2017

12261

cisco

ise

ssh

vulnerability

ssh access

local attacker

cli commands

input validation

elevated privileges

cisco bug ids

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.

Affected configurations

Nvd

Node

ciscoidentity_services_engineMatch1.4

ciscoidentity_services_engineMatch2.0

ciscoidentity_services_engineMatch2.0.1

ciscoidentity_services_engineMatch2.1.0

Node

ciscoidentity_services_engine_expressMatch1.4

ciscoidentity_services_engine_expressMatch2.0

ciscoidentity_services_engine_expressMatch2.0.1

ciscoidentity_services_engine_expressMatch2.1.0

Node

ciscoidentity_services_engine_virtual_applianceMatch1.4

ciscoidentity_services_engine_virtual_applianceMatch2.0

ciscoidentity_services_engine_virtual_applianceMatch2.0.1

ciscoidentity_services_engine_virtual_applianceMatch2.1.0

VendorProductVersionCPE
ciscoidentity_services_engine1.4cpe:2.3:a:cisco:identity_services_engine:1.4:*:*:*:*:*:*:*
ciscoidentity_services_engine2.0cpe:2.3:a:cisco:identity_services_engine:2.0:*:*:*:*:*:*:*
ciscoidentity_services_engine2.0.1cpe:2.3:a:cisco:identity_services_engine:2.0.1:*:*:*:*:*:*:*
ciscoidentity_services_engine2.1.0cpe:2.3:a:cisco:identity_services_engine:2.1.0:*:*:*:*:*:*:*
ciscoidentity_services_engine_express1.4cpe:2.3:a:cisco:identity_services_engine_express:1.4:*:*:*:*:*:*:*
ciscoidentity_services_engine_express2.0cpe:2.3:a:cisco:identity_services_engine_express:2.0:*:*:*:*:*:*:*
ciscoidentity_services_engine_express2.0.1cpe:2.3:a:cisco:identity_services_engine_express:2.0.1:*:*:*:*:*:*:*
ciscoidentity_services_engine_express2.1.0cpe:2.3:a:cisco:identity_services_engine_express:2.1.0:*:*:*:*:*:*:*
ciscoidentity_services_engine_virtual_appliance1.4cpe:2.3:a:cisco:identity_services_engine_virtual_appliance:1.4:*:*:*:*:*:*:*
ciscoidentity_services_engine_virtual_appliance2.0cpe:2.3:a:cisco:identity_services_engine_virtual_appliance:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	1.4	cpe:2.3:a:cisco:identity_services_engine:1.4:::::::*
cisco	identity_services_engine	2.0	cpe:2.3:a:cisco:identity_services_engine:2.0:::::::*
cisco	identity_services_engine	2.0.1	cpe:2.3:a:cisco:identity_services_engine:2.0.1:::::::*
cisco	identity_services_engine	2.1.0	cpe:2.3:a:cisco:identity_services_engine:2.1.0:::::::*
cisco	identity_services_engine_express	1.4	cpe:2.3:a:cisco:identity_services_engine_express:1.4:::::::*
cisco	identity_services_engine_express	2.0	cpe:2.3:a:cisco:identity_services_engine_express:2.0:::::::*
cisco	identity_services_engine_express	2.0.1	cpe:2.3:a:cisco:identity_services_engine_express:2.0.1:::::::*
cisco	identity_services_engine_express	2.1.0	cpe:2.3:a:cisco:identity_services_engine_express:2.1.0:::::::*
cisco	identity_services_engine_virtual_appliance	1.4	cpe:2.3:a:cisco:identity_services_engine_virtual_appliance:1.4:::::::*
cisco	identity_services_engine_virtual_appliance	2.0	cpe:2.3:a:cisco:identity_services_engine_virtual_appliance:2.0:::::::*

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Identity Services Engine"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101641

www.securitytracker.com/id/1039717

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-ise

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2017-12261