CVE-2015-4182

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

CVSS v2.0 5.5 MEDIUM

5.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39299	Vendor Advisory
http://www.securityfocus.com/bid/75152	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032579	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.1:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.2:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.747\):::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(0.899\):::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.2\(1.901\):::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.3:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.4:::::::*

History

No history.

Information

Published : 2015-06-12 14:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-4182

Mitre link : CVE-2015-4182

CVE.ORG link : CVE-2015-4182

JSON object : View

Products Affected

cisco

identity_services_engine_software

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2015-4182", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-12T14:59:04.443", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/75152", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032579", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087."}, {"lang": "es", "value": "La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener informaci\u00f3n sensible o cambiar configuraciones, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCui72087."}], "lastModified": "2017-01-04T17:43:31.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "694B3E06-FAA9-4A60-97FE-C51518CE151F"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE34CBD5-FF02-42C6-B4C3-D42FB6D30EED"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F2D8379-16E9-4CB7-85B6-66BF98E23E52"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.899\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D32BCD47-ADA6-4336-A3E0-9812A0177D7A"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "060F7E13-7E07-4EE9-B61D-B0F91E30FDEB"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5426F0F2-D5FE-49A1-B617-1ADDE83B2456"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}