ID

VAR-201910-0958


CVE

CVE-2019-15282


TITLE

Cisco Identity Services Engine Vulnerability related to lack of authentication for critical functions in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-011144

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to read tcpdump files generated on an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.8

sources: NVD: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // VULHUB: VHN-147313 // VULMON: CVE-2019-15282

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: eq, version: 2.4\(0.357\)

Trust: 1.0

vendor: cisco, model: identity services engine software, scope: lt, version: 2.4\(0.357\)

Trust: 1.0

vendor: cisco, model: identity services engine software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine software, scope: eq, version: 2.40.357

Trust: 0.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.40.876

Trust: 0.6

vendor: cisco, model: identity services engine software, scope: eq, version: 2.00.147

Trust: 0.6

sources: JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15282
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15282
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15282
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201910-1086
value: MEDIUM

Trust: 0.6

VULHUB: VHN-147313
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-15282
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-15282
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-147313
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-15282
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-147313 // VULMON: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282 // NVD: CVE-2019-15282

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-147313 // JVNDB: JVNDB-2019-011144 // NVD: CVE-2019-15282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1086

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201910-1086

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011144

PATCH

title: cisco-sa-20191016-ise-infodis, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis

Trust: 0.8

title: Cisco: Cisco Identity Services Engine Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20191016-ise-infodis

Trust: 0.1

sources: VULMON: CVE-2019-15282 // JVNDB: JVNDB-2019-011144

EXTERNAL IDS

db: NVD, id: CVE-2019-15282

Trust: 2.6

db: JVNDB, id: JVNDB-2019-011144

Trust: 0.8

db: CNNVD, id: CNNVD-201910-1086

Trust: 0.7

db: AUSCERT, id: ESB-2019.3881

Trust: 0.6

db: VULHUB, id: VHN-147313

Trust: 0.1

db: VULMON, id: CVE-2019-15282

Trust: 0.1

sources: VULHUB: VHN-147313 // VULMON: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-infodis

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-15282

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15282

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-store-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191016-ise-stored-xss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3881/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110554

Trust: 0.1

sources: VULHUB: VHN-147313 // VULMON: CVE-2019-15282 // JVNDB: JVNDB-2019-011144 // CNNVD: CNNVD-201910-1086 // NVD: CVE-2019-15282

CREDITS

Krzysztof Przybylski of Przybylski Consulting.

Trust: 0.6

sources: CNNVD: CNNVD-201910-1086

SOURCES

db: VULHUB, id: VHN-147313
db: VULMON, id: CVE-2019-15282
db: JVNDB, id: JVNDB-2019-011144
db: CNNVD, id: CNNVD-201910-1086
db: NVD, id: CVE-2019-15282

LAST UPDATE DATE

2024-08-14T14:19:20.986000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-147313, date: 2019-10-22T00:00:00
db: VULMON, id: CVE-2019-15282, date: 2019-10-22T00:00:00
db: JVNDB, id: JVNDB-2019-011144, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1086, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2019-15282, date: 2019-10-22T13:16:25.943

SOURCES RELEASE DATE

db: VULHUB, id: VHN-147313, date: 2019-10-16T00:00:00
db: VULMON, id: CVE-2019-15282, date: 2019-10-16T00:00:00
db: JVNDB, id: JVNDB-2019-011144, date: 2019-10-29T00:00:00
db: CNNVD, id: CNNVD-201910-1086, date: 2019-10-16T00:00:00
db: NVD, id: CVE-2019-15282, date: 2019-10-16T19:15:15.583