Sign-up

ID

VAR-201910-0958


CVE

CVE-2019-15282


TITLE

Cisco Identity Services Engine Vulnerability related to lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011144

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.8

sources: NVD: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // VULHUB: VHN-147313 // VULMON: CVE-2019-15282

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.4\(0.357\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope:ltversion:2.4\(0.357\)

Trust: 1.0

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.40.357

Trust: 0.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:1.40.876

Trust: 0.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.00.147

Trust: 0.6

sources: JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15282
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15282
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15282
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147313
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-15282
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15282
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-147313
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147313 // VULMON: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282 // NVD: CVE-2019-15282

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-147313 // JVNDB: JVNDB-2019-011144 // NVD: CVE-2019-15282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1086

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011144

PATCH
title:cisco-sa-20191016-ise-infodisurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis
Trust: 0.8
title:Cisco: Cisco Identity Services Engine Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20191016-ise-infodis
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-15282 // 
            
            
            
            JVNDB: JVNDB-2019-011144

EXTERNAL IDS
db:NVDid:CVE-2019-15282
Trust: 2.6
db:JVNDBid:JVNDB-2019-011144
Trust: 0.8
db:CNNVDid:CNNVD-201910-1086
Trust: 0.7
db:AUSCERTid:ESB-2019.3881
Trust: 0.6
db:VULHUBid:VHN-147313
Trust: 0.1
db:VULMONid:CVE-2019-15282
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147313 // 
            
            
            
            VULMON: CVE-2019-15282 // 
            
            
            
            JVNDB: JVNDB-2019-011144 // 
            
            
            
            CNNVD: CNNVD-201910-1086 // 
            
            
            
            NVD: CVE-2019-15282

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-infodis
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-15282
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15282
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-store-xss
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-stored-xss
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3881/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/306.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110554
Trust: 0.1
sources:
            
            
            VULHUB: VHN-147313 // 
            
            
            
            VULMON: CVE-2019-15282 // 
            
            
            
            JVNDB: JVNDB-2019-011144 // 
            
            
            
            CNNVD: CNNVD-201910-1086 // 
            
            
            
            NVD: CVE-2019-15282

CREDITS
Krzysztof Przybylski of Przybylski Consulting .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201910-1086

SOURCES
db:VULHUBid:VHN-147313
db:VULMONid:CVE-2019-15282
db:JVNDBid:JVNDB-2019-011144
db:CNNVDid:CNNVD-201910-1086
db:NVDid:CVE-2019-15282

LAST UPDATE DATE
2024-08-14T14:19:20.986000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-147313date:2019-10-22T00:00:00
db:VULMONid:CVE-2019-15282date:2019-10-22T00:00:00
db:JVNDBid:JVNDB-2019-011144date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-1086date:2019-10-23T00:00:00
db:NVDid:CVE-2019-15282date:2019-10-22T13:16:25.943

SOURCES RELEASE DATE
db:VULHUBid:VHN-147313date:2019-10-16T00:00:00
db:VULMONid:CVE-2019-15282date:2019-10-16T00:00:00
db:JVNDBid:JVNDB-2019-011144date:2019-10-29T00:00:00
db:CNNVDid:CNNVD-201910-1086date:2019-10-16T00:00:00
db:NVDid:CVE-2019-15282date:2019-10-16T19:15:15.583