ID

VAR-201711-0317


CVE

CVE-2017-12316


TITLE

Vulnerabilities related to security functions in Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2017-010480

DESCRIPTION

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. Cisco Identity Services Engine (ISE) contains vulnerabilities related to security functions and vulnerabilities related to authentication. The vendor has released this vulnerability as Bug ID CSCve98518. Information may be obtained. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the system. Successfully exploiting this issue may lead to further attacks. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and by formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2017-12316 // JVNDB: JVNDB-2017-010480 // BID: 101931 // VULHUB: VHN-102826

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine software // scope: eq // version: 2.1(0.229)

Trust: 1.6

vendor: cisco // model: identity services engine software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: identity services engine series appliances // scope: eq // version: 33002.1(0.229)

Trust: 0.3

sources: BID: 101931 // JVNDB: JVNDB-2017-010480 // CNNVD: CNNVD-201711-666 // NVD: CVE-2017-12316

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-12316
value: HIGH

Trust: 1.0

NVD: CVE-2017-12316
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-666
value: HIGH

Trust: 0.6

VULHUB: VHN-102826
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-12316
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102826
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-12316
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102826 // JVNDB: JVNDB-2017-010480 // CNNVD: CNNVD-201711-666 // NVD: CVE-2017-12316

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

problemtype: CWE-307

Trust: 1.1

problemtype: CWE-254

Trust: 0.9

sources: VULHUB: VHN-102826 // JVNDB: JVNDB-2017-010480 // NVD: CVE-2017-12316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-666

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-666

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010480

PATCH

title: cisco-sa-20171115-ise // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise

Trust: 0.8

title: Cisco Identity Services Engine Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76494

Trust: 0.6

sources: JVNDB: JVNDB-2017-010480 // CNNVD: CNNVD-201711-666

EXTERNAL IDS

db: NVD // id: CVE-2017-12316

Trust: 2.8

db: BID // id: 101931

Trust: 2.0

db: SECTRACK // id: 1039830

Trust: 1.7

db: JVNDB // id: JVNDB-2017-010480

Trust: 0.8

db: CNNVD // id: CNNVD-201711-666

Trust: 0.7

db: VULHUB // id: VHN-102826

Trust: 0.1

sources: VULHUB: VHN-102826 // BID: 101931 // JVNDB: JVNDB-2017-010480 // CNNVD: CNNVD-201711-666 // NVD: CVE-2017-12316

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171115-ise

Trust: 2.0

url: http://www.securityfocus.com/bid/101931

Trust: 1.7

url: http://www.securitytracker.com/id/1039830

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12316

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12316

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102826 // BID: 101931 // JVNDB: JVNDB-2017-010480 // CNNVD: CNNVD-201711-666 // NVD: CVE-2017-12316

CREDITS

Mauricio Urizar from Deep Security.

Trust: 0.3

sources: BID: 101931

SOURCES

db: VULHUB // id: VHN-102826
db: BID // id: 101931
db: JVNDB // id: JVNDB-2017-010480
db: CNNVD // id: CNNVD-201711-666
db: NVD // id: CVE-2017-12316

LAST UPDATE DATE

2024-11-23T22:52:19.765000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-102826 // date: 2019-10-09T00:00:00
db: BID // id: 101931 // date: 2017-12-19T22:00:00
db: JVNDB // id: JVNDB-2017-010480 // date: 2017-12-15T00:00:00
db: CNNVD // id: CNNVD-201711-666 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12316 // date: 2024-11-21T03:09:17.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-102826 // date: 2017-11-16T00:00:00
db: BID // id: 101931 // date: 2017-11-15T00:00:00
db: JVNDB // id: JVNDB-2017-010480 // date: 2017-12-15T00:00:00
db: CNNVD // id: CNNVD-201711-666 // date: 2017-11-20T00:00:00
db: NVD // id: CVE-2017-12316 // date: 2017-11-16T07:29:00.773