CVE-2011-3290

{"id": "CVE-2011-3290", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-09-21T16:55:04.147", "references": [{"url": "http://secunia.com/advisories/46061", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/49703", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1026075", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/46061", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/49703", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1026075", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."}, {"lang": "es", "value": "Cisco Identity Services Engine (ISE), antes de la versi\u00f3n v1.0.4.MR2 usa las credenciales de base de datos Oracle por defecto, lo que permite a atacantes remotos modificar la configuraci\u00f3n o realizar otras acciones administrativas no especificadas a trav\u00e9s de vectores desconocidos. Problema tambi\u00e9n conocido como Bug ID CSCts59135."}], "lastModified": "2024-11-21T01:30:12.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D21EAA4D-BC75-4FBF-8F84-33A8152D9E35"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBCFC65B-8F72-4C75-9721-54B75889CC07", "versionEndIncluding": "1.0.4"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "029478F4-EB13-4DF7-A93A-16A0D7ED8AEA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}