Details of VAR-201601-0007

ID

VAR-201601-0007

CVE

CVE-2015-6323

TITLE

Cisco Identity Services Engine Vulnerabilities that can gain management access in the management portal

Trust: 0.8

sources: JVNDB: JVNDB-2015-006809

DESCRIPTION

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. Vendors have confirmed this vulnerability Bug ID CSCuw34253 It is released as.A third party may gain administrative access. An remote attacker can exploit this issue to gain unauthorized access, which may lead to a complete compromise of an affected device. This issue is being tracked by Cisco bug ID CSCuw34253. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. An unauthorized access vulnerability exists in Cisco ISE. The following versions are affected: Cisco ISE running 1.1 and above, 1.2.0 prior to patch 17, 1.2.1 prior to patch 8, 1.3 prior to patch 5, and 1.4 prior to patch 4 software

Trust: 2.07

sources: NVD: CVE-2015-6323 // JVNDB: JVNDB-2015-006809 // BID: 80497 // VULHUB: VHN-84284 // VULMON: CVE-2015-6323

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2.1	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.2	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.3	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.4	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2\(1.198\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2\(1.901\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.1	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2\(0.747\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4\(0.109\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1_base	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2.0.899	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(0.722\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2_base	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(106.146\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4\(0.181\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4\(0.253\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2\(0.793\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(120.135\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3\(0.876\)	Trust: 1.0
vendor:	cisco	model:	identity services engine software	scope:	lt	version:	1.4	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lt	version:	1.3	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.1.x	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.3 patch 5	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.4 patch 4	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lt	version:	1.2.1	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2.0 patch 17	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	lt	version:	1.2.0	Trust: 0.8
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2.1 patch 8	Trust: 0.8
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.17	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.16	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.15	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.14	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.13	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.29	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.28	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.27	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.26	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.25	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.24	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.23	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.22	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.216	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.215	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.214	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.213	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.212	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.211	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.210	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.21	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.43	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.42	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.41	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.34	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.33	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.32	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.31	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.12	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	eq	version:	1.2.11	Trust: 0.3
vendor:	cisco	model:	identity services engine	scope:	eq	version:	1.1	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	ne	version:	1.2.18	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	ne	version:	1.217	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	ne	version:	1.44	Trust: 0.3
vendor:	cisco	model:	identity services engine software patch	scope:	ne	version:	1.35	Trust: 0.3

sources: BID: 80497 // JVNDB: JVNDB-2015-006809 // CNNVD: CNNVD-201601-262 // NVD: CVE-2015-6323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6323
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-6323
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201601-262
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-84284
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-6323
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6323
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-84284
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6323
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-84284 // VULMON: CVE-2015-6323 // JVNDB: JVNDB-2015-006809 // CNNVD: CNNVD-201601-262 // NVD: CVE-2015-6323

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2015-6323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-262

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201601-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006809

PATCH

title:	cisco-sa-20160113-ise	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise	Trust: 0.8
title:	Cisco Identity Services Engine Software Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59604	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2016/01/13/cisco_admins_gear_up_for_a_late_night/	Trust: 0.2
title:	Cisco: Cisco Identity Services Engine Unauthorized Access Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160113-ise	Trust: 0.1

sources: VULMON: CVE-2015-6323 // JVNDB: JVNDB-2015-006809 // CNNVD: CNNVD-201601-262

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6323	Trust: 2.9
db:	SECTRACK	id:	1034666	Trust: 1.2
db:	BID	id:	80497	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006809	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-262	Trust: 0.7
db:	VULHUB	id:	VHN-84284	Trust: 0.1
db:	VULMON	id:	CVE-2015-6323	Trust: 0.1

sources: VULHUB: VHN-84284 // VULMON: CVE-2015-6323 // BID: 80497 // JVNDB: JVNDB-2015-006809 // CNNVD: CNNVD-201601-262 // NVD: CVE-2015-6323

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160113-ise	Trust: 2.2
url:	http://www.securitytracker.com/id/1034666	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6323	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6323	Trust: 0.8
url:	http://www.securityfocus.com/bid/80497	Trust: 0.7
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-84284 // VULMON: CVE-2015-6323 // BID: 80497 // JVNDB: JVNDB-2015-006809 // CNNVD: CNNVD-201601-262 // NVD: CVE-2015-6323

CREDITS

Cisco.

Trust: 0.9

sources: BID: 80497 // CNNVD: CNNVD-201601-262

SOURCES

db:	VULHUB	id:	VHN-84284
db:	VULMON	id:	CVE-2015-6323
db:	BID	id:	80497
db:	JVNDB	id:	JVNDB-2015-006809
db:	CNNVD	id:	CNNVD-201601-262
db:	NVD	id:	CVE-2015-6323

LAST UPDATE DATE

2024-11-23T22:38:46.227000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84284	date:	2016-12-07T00:00:00
db:	VULMON	id:	CVE-2015-6323	date:	2016-12-07T00:00:00
db:	BID	id:	80497	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006809	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-262	date:	2016-01-25T00:00:00
db:	NVD	id:	CVE-2015-6323	date:	2024-11-21T02:34:47.143

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84284	date:	2016-01-15T00:00:00
db:	VULMON	id:	CVE-2015-6323	date:	2016-01-15T00:00:00
db:	BID	id:	80497	date:	2016-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-006809	date:	2016-01-21T00:00:00
db:	CNNVD	id:	CNNVD-201601-262	date:	2016-01-15T00:00:00
db:	NVD	id:	CVE-2015-6323	date:	2016-01-15T03:59:06.950