ID

VAR-201401-0329


CVE

CVE-2014-0665


TITLE

Vulnerability in the RBAC implementation of Cisco Identity Services Engine Software that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2014-001069

DESCRIPTION

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904. An attacker can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. Cisco Identity Services Engine (ISE) is an identity-based, context-aware platform from Cisco. The platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies. A permissions and access control vulnerability exists in the role-based access control code of Cisco ISE Software.

Trust: 2.07

sources: NVD: CVE-2014-0665 // JVNDB: JVNDB-2014-001069 // BID: 64939 // VULHUB: VHN-68158 // VULMON: CVE-2014-0665

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: identity services engine, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: lte, version: 1.2 patch 2

Trust: 0.8

sources: JVNDB: JVNDB-2014-001069 // CNNVD: CNNVD-201401-326 // NVD: CVE-2014-0665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0665
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0665
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-326
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68158
value: MEDIUM

Trust: 0.1

VULMON: CVE-2014-0665
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0665
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-68158
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68158 // VULMON: CVE-2014-0665 // JVNDB: JVNDB-2014-001069 // CNNVD: CNNVD-201401-326 // NVD: CVE-2014-0665

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-68158 // JVNDB: JVNDB-2014-001069 // NVD: CVE-2014-0665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-326

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-326

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001069

PATCH

title: Cisco ISE Unprivileged Support Bundle Download Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665

Trust: 0.8

title: 32448, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=32448

Trust: 0.8

title: Cisco: Cisco ISE Unprivileged Support Bundle Download Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20140115-CVE-2014-0665

Trust: 0.1

sources: VULMON: CVE-2014-0665 // JVNDB: JVNDB-2014-001069

EXTERNAL IDS

db: NVD, id: CVE-2014-0665

Trust: 2.9

db: BID, id: 64939

Trust: 1.5

db: SECUNIA, id: 56439

Trust: 1.2

db: OSVDB, id: 102118

Trust: 1.2

db: SECTRACK, id: 1029624

Trust: 1.2

db: JVNDB, id: JVNDB-2014-001069

Trust: 0.8

db: CNNVD, id: CNNVD-201401-326

Trust: 0.7

db: CISCO, id: 20140115 CISCO ISE UNPRIVILEGED SUPPORT BUNDLE DOWNLOAD VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-68158

Trust: 0.1

db: VULMON, id: CVE-2014-0665

Trust: 0.1

sources: VULHUB: VHN-68158 // VULMON: CVE-2014-0665 // BID: 64939 // JVNDB: JVNDB-2014-001069 // CNNVD: CNNVD-201401-326 // NVD: CVE-2014-0665

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0665

Trust: 1.8

url:http://www.securityfocus.com/bid/64939

Trust: 1.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=32448

Trust: 1.2

url:http://osvdb.org/102118

Trust: 1.2

url:http://www.securitytracker.com/id/1029624

Trust: 1.2

url:http://secunia.com/advisories/56439

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90463

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0665

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0665

Trust: 0.8

url:http://www.cisco.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140115-cve-2014-0665

Trust: 0.1

sources: VULHUB: VHN-68158 // VULMON: CVE-2014-0665 // BID: 64939 // JVNDB: JVNDB-2014-001069 // CNNVD: CNNVD-201401-326 // NVD: CVE-2014-0665

CREDITS

Cisco

Trust: 0.3

sources: BID: 64939

SOURCES

db: VULHUB, id: VHN-68158
db: VULMON, id: CVE-2014-0665
db: BID, id: 64939
db: JVNDB, id: JVNDB-2014-001069
db: CNNVD, id: CNNVD-201401-326
db: NVD, id: CVE-2014-0665

LAST UPDATE DATE

2024-11-23T22:35:17.223000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-68158, date: 2017-08-29T00:00:00
db: VULMON, id: CVE-2014-0665, date: 2017-08-29T00:00:00
db: BID, id: 64939, date: 2014-01-15T00:00:00
db: JVNDB, id: JVNDB-2014-001069, date: 2014-01-16T00:00:00
db: CNNVD, id: CNNVD-201401-326, date: 2014-01-18T00:00:00
db: NVD, id: CVE-2014-0665, date: 2024-11-21T02:02:37.190

SOURCES RELEASE DATE

db: VULHUB, id: VHN-68158, date: 2014-01-15T00:00:00
db: VULMON, id: CVE-2014-0665, date: 2014-01-15T00:00:00
db: BID, id: 64939, date: 2014-01-15T00:00:00
db: JVNDB, id: JVNDB-2014-001069, date: 2014-01-16T00:00:00
db: CNNVD, id: CNNVD-201401-326, date: 2014-01-18T00:00:00
db: NVD, id: CVE-2014-0665, date: 2014-01-15T16:11:08.457