Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-4182

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

Published

2015-06-12T14:59:04.443

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco identity_services_engine_software 1.0.4.573 Yes
Application cisco identity_services_engine_software 1.0_base Yes
Application cisco identity_services_engine_software 1.1 Yes
Application cisco identity_services_engine_software 1.2 Yes
Application cisco identity_services_engine_software 1.2\(0.747\) Yes
Application cisco identity_services_engine_software 1.2\(0.899\) Yes
Application cisco identity_services_engine_software 1.2\(1.901\) Yes
Application cisco identity_services_engine_software 1.3 Yes
Application cisco identity_services_engine_software 1.4 Yes
References