Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-6323 (GCVE-0-2015-6323)
Vulnerability from cvelistv5 – Published: 2016-01-15 02:00 – Updated: 2024-08-06 07:15
VLAI?
EPSS
Summary
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"name": "1034666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034666"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"name": "1034666",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034666"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"name": "1034666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034666"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6323",
"datePublished": "2016-01-15T02:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:15:13.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2016-00371
Vulnerability from cnvd - Published: 2016-01-15
VLAI Severity ?
Title
Cisco Identity Services Engine未授权访问漏洞
Description
Cisco Identity Services Engine是集身份验证、授权和AAA、状态、设置文件和客户端管理为一体的访问控制解决方案。
运行Cisco Identity Services Engine (ISE)软件的设备的Admin门户存在安全漏洞,可使未经身份验证的攻击者访问受影响设备。
Severity
高
Patch Name
Cisco Identity Services Engine未授权访问漏洞的补丁
Patch Description
Cisco Identity Services Engine是集身份验证、授权和AAA、状态、设置文件和客户端管理为一体的访问控制解决方案。
运行Cisco Identity Services Engine (ISE)软件的设备的Admin门户存在安全漏洞,可使未经身份验证的攻击者访问受影响设备。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布升级补丁/版本以修复这个安全问题,请用户及时下载更新: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
Reference
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6323
Impacted products
| Name | ['Cisco Identity Services Engine (ISE) > 1.1', 'Cisco Identity Services Engine (ISE) 1.2.0(< 17)', 'Cisco Identity Services Engine (ISE) 1.2.1(< 8)', 'Cisco Identity Services Engine (ISE) 1.3(< 5)', 'Cisco Identity Services Engine (ISE) 1.4(< 4)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-6323"
}
},
"description": "Cisco Identity Services Engine\u662f\u96c6\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548cAAA\u3001\u72b6\u6001\u3001\u8bbe\u7f6e\u6587\u4ef6\u548c\u5ba2\u6237\u7aef\u7ba1\u7406\u4e3a\u4e00\u4f53\u7684\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u8fd0\u884cCisco Identity Services Engine (ISE)\u8f6f\u4ef6\u7684\u8bbe\u5907\u7684Admin\u95e8\u6237\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u8bbf\u95ee\u53d7\u5f71\u54cd\u8bbe\u5907\u3002",
"discovererName": "Cisco",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-00371",
"openTime": "2016-01-15",
"patchDescription": "Cisco Identity Services Engine\u662f\u96c6\u8eab\u4efd\u9a8c\u8bc1\u3001\u6388\u6743\u548cAAA\u3001\u72b6\u6001\u3001\u8bbe\u7f6e\u6587\u4ef6\u548c\u5ba2\u6237\u7aef\u7ba1\u7406\u4e3a\u4e00\u4f53\u7684\u8bbf\u95ee\u63a7\u5236\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u8fd0\u884cCisco Identity Services Engine (ISE)\u8f6f\u4ef6\u7684\u8bbe\u5907\u7684Admin\u95e8\u6237\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u53ef\u4f7f\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u8bbf\u95ee\u53d7\u5f71\u54cd\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco Identity Services Engine\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Identity Services Engine (ISE) \u003e 1.1",
"Cisco Identity Services Engine (ISE) 1.2.0(\u003c 17)",
"Cisco Identity Services Engine (ISE) 1.2.1(\u003c 8)",
"Cisco Identity Services Engine (ISE) 1.3(\u003c 5)",
"Cisco Identity Services Engine (ISE) 1.4(\u003c 4)"
]
},
"referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6323",
"serverity": "\u9ad8",
"submitTime": "2016-01-14",
"title": "Cisco Identity Services Engine\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}
CERTFR-2016-AVI-021
Vulnerability from certfr_avis - Published: 2016-01-14 - Updated: 2016-01-14
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Contrôleurs sans fil Cisco séries 2500 | ||
| Cisco | N/A | Contrôleurs sans fil Cisco virtuels | ||
| Cisco | N/A | Contrôleurs sans fil Cisco Flex séries 7500 | ||
| Cisco | N/A | points d'accès Cisco Aironet séries 1830i | ||
| Cisco | N/A | points d'accès Cisco Aironet séries 1850e | ||
| Cisco | N/A | Cisco ISE versions 1.3 antérieures au patch 5 | ||
| Cisco | N/A | Contrôleurs sans fil Cisco séries 8500 | ||
| Cisco | N/A | Cisco ISE versions 1.4 antérieures au patch 4 | ||
| Cisco | N/A | Contrôleurs sans fil Cisco séries 5500 | ||
| Cisco | N/A | points d'accès Cisco Aironet séries 1850i | ||
| Cisco | N/A | Cisco ISE versions 1.2 antérieures au patch 17 | ||
| Cisco | N/A | Cisco ISE version 1.1 | ||
| Cisco | N/A | Cisco ISE versions 1.2.1 antérieures au patch 8 | ||
| Cisco | N/A | Cisco ISE antéreur à la version 2.0 | ||
| Cisco | N/A | points d'accès Cisco Aironet séries 1830e |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contr\u00f4leurs sans fil Cisco s\u00e9ries 2500",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leurs sans fil Cisco virtuels",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leurs sans fil Cisco Flex s\u00e9ries 7500",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "points d\u0027acc\u00e8s Cisco Aironet s\u00e9ries 1830i",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "points d\u0027acc\u00e8s Cisco Aironet s\u00e9ries 1850e",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE versions 1.3 ant\u00e9rieures au patch 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leurs sans fil Cisco s\u00e9ries 8500",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE versions 1.4 ant\u00e9rieures au patch 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Contr\u00f4leurs sans fil Cisco s\u00e9ries 5500",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "points d\u0027acc\u00e8s Cisco Aironet s\u00e9ries 1850i",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE versions 1.2 ant\u00e9rieures au patch 17",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE versions 1.2.1 ant\u00e9rieures au patch 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ISE ant\u00e9reur \u00e0 la version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "points d\u0027acc\u00e8s Cisco Aironet s\u00e9ries 1830e",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6317"
},
{
"name": "CVE-2015-6314",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6314"
},
{
"name": "CVE-2015-6320",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6320"
},
{
"name": "CVE-2015-6323",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6323"
},
{
"name": "CVE-2015-6336",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6336"
}
],
"initial_release_date": "2016-01-14T00:00:00",
"last_revision_date": "2016-01-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-aironet du 13 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-aironet"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise du 13 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-wlc du 13 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-wlc"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-air du 13 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise2 du 13 janvier 2016",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
}
],
"reference": "CERTFR-2016-AVI-021",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-aironet du 13 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-wlc du 13 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise du 13 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise2 du 13 janvier 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-air du 13 janvier 2016",
"url": null
}
]
}
CERTFR-2018-AVI-454
Vulnerability from certfr_avis - Published: 2018-09-25 - Updated: 2018-09-25
De multiples vulnérabilités ont été découvertes dans Cisco Identity Services Engine. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.4 antérieures à la version 1.1.4.218-7 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.2 antérieures à la version 1.1.2.145-10 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.2 antérieures à la version 1.2.0.899-2 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.1 antérieures à la version 1.1.1.268-7 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.0 et 1.1.0 antérieures à la version 1.1.0.665-5 | ||
| Cisco | Identity Services Engine | Cisco Identity Services Engine versions 1.1.3 antérieures à la version 1.1.3.124-7 |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Identity Services Engine versions 1.1.4 ant\u00e9rieures \u00e0 la version 1.1.4.218-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.2 ant\u00e9rieures \u00e0 la version 1.1.2.145-10",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.2 ant\u00e9rieures \u00e0 la version 1.2.0.899-2",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.1 ant\u00e9rieures \u00e0 la version 1.1.1.268-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.0 et 1.1.0 ant\u00e9rieures \u00e0 la version 1.1.0.665-5",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Identity Services Engine versions 1.1.3 ant\u00e9rieures \u00e0 la version 1.1.3.124-7",
"product": {
"name": "Identity Services Engine",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-6323",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6323"
},
{
"name": "CVE-2013-5530",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5530"
},
{
"name": "CVE-2013-5531",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5531"
}
],
"initial_release_date": "2018-09-25T00:00:00",
"last_revision_date": "2018-09-25T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20131023-ise du 24 septembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco\u00a0cisco-sa-20160113-ise du 24 septembre 2018",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
}
],
"reference": "CERTFR-2018-AVI-454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco Identity\nServices Engine. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Identity Services Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160113-ise du 24 septembre 2018",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20131023-ise du 24 septembre 2018",
"url": null
}
]
}
CVE-2015-6323
Vulnerability from fstec - Published: 15.01.2016
VLAI Severity ?
Title
Уязвимость платформы управления политиками соединений Cisco Identity Services Engine, позволяющая нарушителю получить права администратора
Description
Уязвимость платформы управления политиками соединений Cisco Identity Services Engine связана с недостатками процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить права администратора
Severity ?
Vendor
Cisco Systems Inc.
Software Name
Cisco Identity Services Engine
Software Version
от 1.1 до 1.2.0 Patch 17 (Cisco Identity Services Engine), от 1.2.1 до 1.2.1 Patch 8 (Cisco Identity Services Engine), от 1.3 до 1.3 Patch 5 (Cisco Identity Services Engine), от 1.4 до 1.4 Patch 4 (Cisco Identity Services Engine)
Possible Mitigations
Обновление программного средства до одной из версий: 1.2.0 Patch 17, 1.2.1 Patch 8, 1.3 Patch 5, 1.4 Patch 4 или более новой
Reference
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
CWE
CWE-287
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": null,
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.1 \u0434\u043e 1.2.0 Patch 17 (Cisco Identity Services Engine), \u043e\u0442 1.2.1 \u0434\u043e 1.2.1 Patch 8 (Cisco Identity Services Engine), \u043e\u0442 1.3 \u0434\u043e 1.3 Patch 5 (Cisco Identity Services Engine), \u043e\u0442 1.4 \u0434\u043e 1.4 Patch 4 (Cisco Identity Services Engine)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043e \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0432\u0435\u0440\u0441\u0438\u0439: 1.2.0 Patch 17, 1.2.1 Patch 8, 1.3 Patch 5, 1.4 Patch 4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.01.2016",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.02.2016",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2016-00302",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-6323",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Identity Services Engine",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "VMware Inc. VMware ESXi . 64-bit, VMware Inc. VMware ESX . 64-bit, Cisco Systems Inc. Cisco Identity Services Engine . ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 Cisco Identity Services Engine, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 Cisco Identity Services Engine \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}
GSD-2015-6323
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-6323",
"description": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.",
"id": "GSD-2015-6323"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-6323"
],
"details": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.",
"id": "GSD-2015-6323",
"modified": "2023-12-13T01:20:04.470786Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"name": "1034666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034666"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(106.146\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.722\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.793\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(120.135\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.198\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.109\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.253\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.181\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6323"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"name": "1034666",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1034666"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": true,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2016-12-07T18:19Z",
"publishedDate": "2016-01-15T03:59Z"
}
}
}
GHSA-476P-Q5R3-G7XV
Vulnerability from github – Published: 2022-05-17 03:26 – Updated: 2022-05-17 03:26
VLAI?
Details
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2015-6323"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-01-15T03:59:00Z",
"severity": "CRITICAL"
},
"details": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.",
"id": "GHSA-476p-q5r3-g7xv",
"modified": "2022-05-17T03:26:59Z",
"published": "2022-05-17T03:26:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6323"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034666"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2015-6323
Vulnerability from fkie_nvd - Published: 2016-01-15 03:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "824AFCCC-537B-4CD1-873D-FC5ADB3E6625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "6C77ECD0-C872-410E-8525-4013CD9FEF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "42EA25D7-2DF0-4811-8D29-7C65A36A117E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "57E38A8B-A717-4795-BAFC-EC04781136D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "4CA142CA-C90A-4CCC-897C-F5FF6B6AB576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "1D149B6E-44EC-41B2-A23D-E670B865AC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA5CBE3-DBA6-4A3E-A07A-250C0C7155EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p1:*:*:*:*:*:*",
"matchCriteriaId": "66F0F676-226D-4509-AADE-DD86844B098C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p2:*:*:*:*:*:*",
"matchCriteriaId": "58014103-898F-437B-BA76-3C6F0D0709DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p3:*:*:*:*:*:*",
"matchCriteriaId": "A2EFF6FC-7058-4CFE-966B-DF124AD2286F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p4:*:*:*:*:*:*",
"matchCriteriaId": "27009B65-3EFB-4038-8310-60FB0968C141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p5:*:*:*:*:*:*",
"matchCriteriaId": "2F4EC156-55BA-4C1C-ACA3-724F797B76C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p6:*:*:*:*:*:*",
"matchCriteriaId": "DD74ABF5-E38E-4363-ABF5-2C76FBB9FB5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p7:*:*:*:*:*:*",
"matchCriteriaId": "A86B70C2-838D-4E52-9CD3-3227D6450498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p8:*:*:*:*:*:*",
"matchCriteriaId": "9E7DBDEB-BDD1-46E7-BF4B-946B11071056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p9:*:*:*:*:*:*",
"matchCriteriaId": "6FC656C0-629E-40E8-90A5-2D84BEA327C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "26AD33E0-8946-4AEE-BA17-F5C270EF2320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "BC84D3B3-36E2-4F5C-85B2-6419088C324A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "2ECF4497-24DA-43BB-9723-5D34C2B3CB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "A8C8EB11-E866-4275-9D81-77BF8F746297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "6252AF57-B742-4B9C-8F41-CB6A0507E3CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "2016B837-F984-4FED-991C-836E1C6A84E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "B1547F7E-9B6D-4643-81D0-B8CF3913FA0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "D16606E3-0181-44E1-8599-865C09BEE7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F6C359-EA1F-4194-8561-6B9E0B44A0A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "27DFF577-674F-4ECB-AD4F-67CBA44C99A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "4C825BD3-EDA2-425E-8996-5E26A29CECF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "83AC276E-0B3F-4837-9918-6066FF78BFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "6CB114A4-B46B-434F-BDCB-264837BFB246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "D303E482-A46D-444E-9220-EF6E088E8F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "49DAEA26-7440-4FF0-8F6B-10ECBB303A8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p7:*:*:*:*:*:*",
"matchCriteriaId": "D89B1F19-794B-458B-84C0-623D8A3EDA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1_base:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A2054E-0ACD-47AC-9FA6-DE3289B4C6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.793\\):*:*:*:*:*:*:*",
"matchCriteriaId": "02270440-39DC-4105-B54F-25CF15507461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.198\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E4448DC8-E3DE-4D1D-870A-F399B2CAAD7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p14:*:*:*:*:*:*",
"matchCriteriaId": "254C0C70-12D9-4F43-8EDA-24B66D4127DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "440F2892-7695-4ADA-8E4E-94FEF4CF92CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "663B6931-F31C-4BF1-8A6F-8CE066AA9B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "8895CC4C-405A-4A6E-8D22-F70AA5A12888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2_base:*:*:*:*:*:*:*",
"matchCriteriaId": "C47DA0F0-DF8E-4B0A-B184-C57A4F706D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.722\\):*:*:*:*:*:*:*",
"matchCriteriaId": "75C5C1DD-658E-4376-9E05-997297E49C4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(106.146\\):*:*:*:*:*:*:*",
"matchCriteriaId": "00932EDA-FF42-4422-893B-654DD3460230",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(120.135\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA183646-B28E-4565-A0C2-C8B1591F0569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C56C16D1-F75E-49A7-850C-0A7E4CE25CE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.181\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CC32610B-2D09-4F85-A2A1-775E6A778A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.253\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D2621F2E-B212-40C6-9C17-90E49F75FAE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
},
{
"lang": "es",
"value": "El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuw34253."
}
],
"id": "CVE-2015-6323",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-01-15T03:59:06.950",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1034666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034666"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…