ID

VAR-201601-0002


CVE

CVE-2015-6317


TITLE

Vulnerability in Cisco Identity Services Engine that allows web-resource access restrictions to be bypassed

Trust: 0.8

sources: JVNDB: JVNDB-2015-006851

DESCRIPTION

Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. The vendor has confirmed this vulnerability and released it as Bug ID CSCuu45926. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control. http://cwe.mitre.org/data/definitions/284.html A remote authenticated user may bypass access restrictions on web resources via a direct request. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 2.07

sources: NVD: CVE-2015-6317 // JVNDB: JVNDB-2015-006851 // BID: 80494 // VULHUB: VHN-84278 // VULMON: CVE-2015-6317

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1.1

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: eq // version: 1.0_base

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1.2

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: eq // version: 1.3(0.876)

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2(1.198)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2(1.901)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.0.4.573

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2(0.747)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2.1

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.4(0.109)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1.4

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1_base

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.1.3

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2.0.899

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.3(0.722)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2_base

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.3(106.146)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.4(0.181)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.4(0.253)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.2(0.793)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.3(120.135)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: eq // version: 1.0_mr_base

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: lt // version: 2.0

Trust: 0.8

vendor: cisco // model: identity services engine // scope: eq // version: 1.1.3

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 1.0.4

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 2.0

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 1.2

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 1.1

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 1.0

Trust: 0.3

sources: BID: 80494 // JVNDB: JVNDB-2015-006851 // CNNVD: CNNVD-201601-264 // NVD: CVE-2015-6317

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-6317
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6317
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201601-264
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84278
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6317
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-6317
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-84278
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2015-6317
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-84278 // VULMON: CVE-2015-6317 // JVNDB: JVNDB-2015-006851 // CNNVD: CNNVD-201601-264 // NVD: CVE-2015-6317

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-84278 // JVNDB: JVNDB-2015-006851 // NVD: CVE-2015-6317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-264

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201601-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006851

PATCH

title: cisco-sa-20160113-ise2 // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2

Trust: 0.8

title: Cisco Identity Services Engine Software Remediation measures for authorization problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59606

Trust: 0.6

title: The Register // url: https://www.theregister.co.uk/2016/01/13/cisco_admins_gear_up_for_a_late_night/

Trust: 0.2

title: Cisco: Cisco Identity Services Engine Unauthorized Access Vulnerability // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160113-ise2

Trust: 0.1

sources: VULMON: CVE-2015-6317 // JVNDB: JVNDB-2015-006851 // CNNVD: CNNVD-201601-264

EXTERNAL IDS

db: NVD // id: CVE-2015-6317

Trust: 2.9

db: SECTRACK // id: 1034767

Trust: 1.2

db: BID // id: 80494

Trust: 1.1

db: JVNDB // id: JVNDB-2015-006851

Trust: 0.8

db: CNNVD // id: CNNVD-201601-264

Trust: 0.7

db: VULHUB // id: VHN-84278

Trust: 0.1

db: VULMON // id: CVE-2015-6317

Trust: 0.1

sources: VULHUB: VHN-84278 // VULMON: CVE-2015-6317 // BID: 80494 // JVNDB: JVNDB-2015-006851 // CNNVD: CNNVD-201601-264 // NVD: CVE-2015-6317

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160113-ise2

Trust: 2.2

url:http://www.securitytracker.com/id/1034767

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6317

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6317

Trust: 0.8

url:http://www.securityfocus.com/bid/80494

Trust: 0.7

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html?referring_site=smartnavrd

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-84278 // VULMON: CVE-2015-6317 // BID: 80494 // JVNDB: JVNDB-2015-006851 // CNNVD: CNNVD-201601-264 // NVD: CVE-2015-6317

CREDITS

Cisco

Trust: 0.9

sources: BID: 80494 // CNNVD: CNNVD-201601-264

SOURCES

db: VULHUB // id: VHN-84278
db: VULMON // id: CVE-2015-6317
db: BID // id: 80494
db: JVNDB // id: JVNDB-2015-006851
db: CNNVD // id: CNNVD-201601-264
db: NVD // id: CVE-2015-6317

LAST UPDATE DATE

2024-11-23T22:42:22.781000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-84278 // date: 2016-12-07T00:00:00
db: VULMON // id: CVE-2015-6317 // date: 2016-12-07T00:00:00
db: BID // id: 80494 // date: 2016-01-13T00:00:00
db: JVNDB // id: JVNDB-2015-006851 // date: 2016-01-27T00:00:00
db: CNNVD // id: CNNVD-201601-264 // date: 2016-01-25T00:00:00
db: NVD // id: CVE-2015-6317 // date: 2024-11-21T02:34:46.270

SOURCES RELEASE DATE

db: VULHUB // id: VHN-84278 // date: 2016-01-23T00:00:00
db: VULMON // id: CVE-2015-6317 // date: 2016-01-23T00:00:00
db: BID // id: 80494 // date: 2016-01-13T00:00:00
db: JVNDB // id: JVNDB-2015-006851 // date: 2016-01-27T00:00:00
db: CNNVD // id: CNNVD-201601-264 // date: 2016-01-15T00:00:00
db: NVD // id: CVE-2015-6317 // date: 2016-01-23T05:59:00.113