CVE-2017-6747 in Identity Services Engineinfo

Zusammenfassung

von MITRE

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

09.03.2017

Veröffentlichung

07.08.2017

Moderieren

akzeptiert

Eintrag

VDB-104899

CPE

bereit

EPSS

0.02246

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Police, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2017-6747
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2017-6747
CVE Detailshttps://www.cvedetails.com/cve/CVE-2017-6747/

ZurückÜbersichtWeiter

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!