Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0213


A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753.


Published

2018-03-08T07:29:00.753

Last Modified

2024-11-21T03:37:44.770

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-264
  • Type: Primary
    CWE-20

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco identity_services_engine 2.1\(0.904\) Yes

References