Sign-up

ID

VAR-201412-0301


CVE

CVE-2014-8015


TITLE

Cisco Identity Services Engine of Sponsor Portal Vulnerable to gaining access to any sponsor guest account

Trust: 0.8

sources: JVNDB: JVNDB-2014-007360

DESCRIPTION

The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. A remote attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCur64400. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2014-8015 // JVNDB: JVNDB-2014-007360 // BID: 71766 // VULHUB: VHN-75960

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:0

Trust: 0.3

sources: BID: 71766 // JVNDB: JVNDB-2014-007360 // CNNVD: CNNVD-201412-464 // NVD: CVE-2014-8015

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8015
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-8015
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-464
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75960
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-8015
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-75960
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-75960 // JVNDB: JVNDB-2014-007360 // CNNVD: CNNVD-201412-464 // NVD: CVE-2014-8015

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-75960 // JVNDB: JVNDB-2014-007360 // NVD: CVE-2014-8015

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-464

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201412-464

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007360

PATCH
title:Cisco Identity Services Engine Portal Privilege Elevation Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-007360

EXTERNAL IDS
db:NVDid:CVE-2014-8015
Trust: 2.8
db:SECTRACKid:1031423
Trust: 1.1
db:JVNDBid:JVNDB-2014-007360
Trust: 0.8
db:CNNVDid:CNNVD-201412-464
Trust: 0.7
db:BIDid:71766
Trust: 0.4
db:VULHUBid:VHN-75960
Trust: 0.1
sources:
            
            
            VULHUB: VHN-75960 // 
            
            
            
            BID: 71766 // 
            
            
            
            JVNDB: JVNDB-2014-007360 // 
            
            
            
            CNNVD: CNNVD-201412-464 // 
            
            
            
            NVD: CVE-2014-8015

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8015
Trust: 2.0
url:http://www.securitytracker.com/id/1031423
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8015
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8015
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps11640/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-75960 // 
            
            
            
            BID: 71766 // 
            
            
            
            JVNDB: JVNDB-2014-007360 // 
            
            
            
            CNNVD: CNNVD-201412-464 // 
            
            
            
            NVD: CVE-2014-8015

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 71766

SOURCES
db:VULHUBid:VHN-75960
db:BIDid:71766
db:JVNDBid:JVNDB-2014-007360
db:CNNVDid:CNNVD-201412-464
db:NVDid:CVE-2014-8015

LAST UPDATE DATE
2024-11-23T22:52:49.514000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-75960date:2017-01-03T00:00:00
db:BIDid:71766date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007360date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-464date:2014-12-24T00:00:00
db:NVDid:CVE-2014-8015date:2024-11-21T02:18:25.903

SOURCES RELEASE DATE
db:VULHUBid:VHN-75960date:2014-12-22T00:00:00
db:BIDid:71766date:2014-12-22T00:00:00
db:JVNDBid:JVNDB-2014-007360date:2014-12-24T00:00:00
db:CNNVDid:CNNVD-201412-464date:2014-12-23T00:00:00
db:NVDid:CVE-2014-8015date:2014-12-22T19:59:00.053