Lucene search

[email protected]NVD:CVE-2017-6747

HistoryAug 07, 2017 - 6:29 a.m.

CVE-2017-6747

2017-08-0706:29:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

70.7%

JSON

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.

Affected configurations

Nvd

Node

ciscoidentity_services_engineMatch1.3\(0.722\)

ciscoidentity_services_engineMatch1.3\(0.876\)

ciscoidentity_services_engineMatch1.3\(0.909\)

ciscoidentity_services_engineMatch1.3\(106.146\)

ciscoidentity_services_engineMatch1.3\(120.135\)

ciscoidentity_services_engineMatch1.4\(0.109\)

ciscoidentity_services_engineMatch1.4\(0.181\)

ciscoidentity_services_engineMatch1.4\(0.253\)

ciscoidentity_services_engineMatch1.4\(0.908\)

ciscoidentity_services_engineMatch2.0\(0.147\)

ciscoidentity_services_engineMatch2.0\(0.169\)

ciscoidentity_services_engineMatch2.0\(0.222\)

ciscoidentity_services_engineMatch2.0\(1.130\)

ciscoidentity_services_engineMatch2.0_base

ciscoidentity_services_engineMatch2.1\(0.474\)

ciscoidentity_services_engineMatch2.1\(0.800\)

ciscoidentity_services_engineMatch2.1\(102.101\)

ciscoidentity_services_engineMatch2.1_base

VendorProductVersionCPE
ciscoidentity_services_engine1.3(0.722)cpe:2.3:a:cisco:identity_services_engine:1.3\(0.722\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.3(0.876)cpe:2.3:a:cisco:identity_services_engine:1.3\(0.876\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.3(0.909)cpe:2.3:a:cisco:identity_services_engine:1.3\(0.909\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.3(106.146)cpe:2.3:a:cisco:identity_services_engine:1.3\(106.146\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.3(120.135)cpe:2.3:a:cisco:identity_services_engine:1.3\(120.135\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.4(0.109)cpe:2.3:a:cisco:identity_services_engine:1.4\(0.109\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.4(0.181)cpe:2.3:a:cisco:identity_services_engine:1.4\(0.181\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.4(0.253)cpe:2.3:a:cisco:identity_services_engine:1.4\(0.253\):*:*:*:*:*:*:*
ciscoidentity_services_engine1.4(0.908)cpe:2.3:a:cisco:identity_services_engine:1.4\(0.908\):*:*:*:*:*:*:*
ciscoidentity_services_engine2.0(0.147)cpe:2.3:a:cisco:identity_services_engine:2.0\(0.147\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine	1.3(0.722)	cpe:2.3:a:cisco:identity_services_engine:1.3\(0.722\):::::::*
cisco	identity_services_engine	1.3(0.876)	cpe:2.3:a:cisco:identity_services_engine:1.3\(0.876\):::::::*
cisco	identity_services_engine	1.3(0.909)	cpe:2.3:a:cisco:identity_services_engine:1.3\(0.909\):::::::*
cisco	identity_services_engine	1.3(106.146)	cpe:2.3:a:cisco:identity_services_engine:1.3\(106.146\):::::::*
cisco	identity_services_engine	1.3(120.135)	cpe:2.3:a:cisco:identity_services_engine:1.3\(120.135\):::::::*
cisco	identity_services_engine	1.4(0.109)	cpe:2.3:a:cisco:identity_services_engine:1.4\(0.109\):::::::*
cisco	identity_services_engine	1.4(0.181)	cpe:2.3:a:cisco:identity_services_engine:1.4\(0.181\):::::::*
cisco	identity_services_engine	1.4(0.253)	cpe:2.3:a:cisco:identity_services_engine:1.4\(0.253\):::::::*
cisco	identity_services_engine	1.4(0.908)	cpe:2.3:a:cisco:identity_services_engine:1.4\(0.908\):::::::*
cisco	identity_services_engine	2.0(0.147)	cpe:2.3:a:cisco:identity_services_engine:2.0\(0.147\):::::::*

Rows per page:

1-10 of 181

References

www.securitytracker.com/id/1039054

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

70.7%

JSON

Related for NVD:CVE-2017-6747

cvelist1 openvas1 prion1 nessus1 cisco1 cve1