Sign-up

ID

VAR-201506-0243


CVE

CVE-2015-4182


TITLE

Cisco Identity Services Engine Management Web Vulnerabilities that prevent access restrictions in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-003077

DESCRIPTION

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. An attacker can exploit these issues to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCui72087. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.98

sources: NVD: CVE-2015-4182 // JVNDB: JVNDB-2015-003077 // BID: 75152 // VULHUB: VHN-82143

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2

Trust: 1.9

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.1

Trust: 1.9

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.0.4.573

Trust: 1.9

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.0_base

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2\(0.899\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2\(1.901\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.4

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2\(0.747\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.3

Trust: 1.6

vendor:ciscomodel:identity services enginescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:ltversion:1.3

Trust: 0.8

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.2.12

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.2.11

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.2.0.89914

Trust: 0.3

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2(1.901)

Trust: 0.3

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.2(0.747)

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.47

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.46

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.45

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.44

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.43

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.42

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.41

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.37

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.36

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.35

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.34

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.33

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.32

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.31

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.29

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.28

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.27

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.26

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.25

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.24

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.23

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.22

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.21

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.16

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.15

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.14

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.13

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.12

Trust: 0.3

vendor:ciscomodel:identity services engine software patchscope:eqversion:1.1.11

Trust: 0.3

vendor:ciscomodel:identity services engine software mrscope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.0

Trust: 0.3

vendor:ciscomodel:identity services engine softwarescope:neversion:1.3

Trust: 0.3

sources: BID: 75152 // JVNDB: JVNDB-2015-003077 // CNNVD: CNNVD-201506-242 // NVD: CVE-2015-4182

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4182
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4182
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201506-242
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82143
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4182
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82143
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82143 // JVNDB: JVNDB-2015-003077 // CNNVD: CNNVD-201506-242 // NVD: CVE-2015-4182

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-82143 // JVNDB: JVNDB-2015-003077 // NVD: CVE-2015-4182

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-242

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-242

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003077

PATCH
title:39299url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39299
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003077

EXTERNAL IDS
db:NVDid:CVE-2015-4182
Trust: 2.8
db:BIDid:75152
Trust: 1.4
db:SECTRACKid:1032579
Trust: 1.1
db:JVNDBid:JVNDB-2015-003077
Trust: 0.8
db:CNNVDid:CNNVD-201506-242
Trust: 0.7
db:VULHUBid:VHN-82143
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82143 // 
            
            
            
            BID: 75152 // 
            
            
            
            JVNDB: JVNDB-2015-003077 // 
            
            
            
            CNNVD: CNNVD-201506-242 // 
            
            
            
            NVD: CVE-2015-4182

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39299
Trust: 2.0
url:http://www.securityfocus.com/bid/75152
Trust: 1.1
url:http://www.securitytracker.com/id/1032579
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4182
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4182
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps11640/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82143 // 
            
            
            
            BID: 75152 // 
            
            
            
            JVNDB: JVNDB-2015-003077 // 
            
            
            
            CNNVD: CNNVD-201506-242 // 
            
            
            
            NVD: CVE-2015-4182

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75152

SOURCES
db:VULHUBid:VHN-82143
db:BIDid:75152
db:JVNDBid:JVNDB-2015-003077
db:CNNVDid:CNNVD-201506-242
db:NVDid:CVE-2015-4182

LAST UPDATE DATE
2024-11-23T22:56:25.214000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82143date:2017-01-04T00:00:00
db:BIDid:75152date:2015-06-11T00:00:00
db:JVNDBid:JVNDB-2015-003077date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-242date:2015-06-18T00:00:00
db:NVDid:CVE-2015-4182date:2024-11-21T02:30:35.333

SOURCES RELEASE DATE
db:VULHUBid:VHN-82143date:2015-06-12T00:00:00
db:BIDid:75152date:2015-06-11T00:00:00
db:JVNDBid:JVNDB-2015-003077date:2015-06-16T00:00:00
db:CNNVDid:CNNVD-201506-242date:2015-06-15T00:00:00
db:NVDid:CVE-2015-4182date:2015-06-12T14:59:04.443