CVE-2015-4182

{"id": "CVE-2015-4182", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-12T14:59:04.443", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/75152", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032579", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/75152", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1032579", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087."}, {"lang": "es", "value": "La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener informaci\u00f3n sensible o cambiar configuraciones, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCui72087."}], "lastModified": "2024-11-21T02:30:35.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "694B3E06-FAA9-4A60-97FE-C51518CE151F"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE34CBD5-FF02-42C6-B4C3-D42FB6D30EED"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F2D8379-16E9-4CB7-85B6-66BF98E23E52"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.899\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32BCD47-ADA6-4336-A3E0-9812A0177D7A"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "060F7E13-7E07-4EE9-B61D-B0F91E30FDEB"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5426F0F2-D5FE-49A1-B617-1ADDE83B2456"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}