Lucene search

[email protected]CVE-2017-6747

HistoryAug 07, 2017 - 6:29 a.m.

CVE-2017-6747

2017-08-0706:29:00

CWE-287

[email protected]

web.nvd.nist.gov

cisco

ise

vulnerability

authentication

bypass

remote attacker

super admin

cisco bug ids

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.

Affected configurations

NVD

Node

ciscoidentity_services_engineMatch1.3\(0.722\)

ciscoidentity_services_engineMatch1.3\(0.876\)

ciscoidentity_services_engineMatch1.3\(0.909\)

ciscoidentity_services_engineMatch1.3\(106.146\)

ciscoidentity_services_engineMatch1.3\(120.135\)

ciscoidentity_services_engineMatch1.4\(0.109\)

ciscoidentity_services_engineMatch1.4\(0.181\)

ciscoidentity_services_engineMatch1.4\(0.253\)

ciscoidentity_services_engineMatch1.4\(0.908\)

ciscoidentity_services_engineMatch2.0\(0.147\)

ciscoidentity_services_engineMatch2.0\(0.169\)

ciscoidentity_services_engineMatch2.0\(0.222\)

ciscoidentity_services_engineMatch2.0\(1.130\)

ciscoidentity_services_engineMatch2.0_base

ciscoidentity_services_engineMatch2.1\(0.474\)

ciscoidentity_services_engineMatch2.1\(0.800\)

ciscoidentity_services_engineMatch2.1\(102.101\)

ciscoidentity_services_engineMatch2.1_base

CPENameOperatorVersion
cisco:identity_services_enginecisco identity services engineeq1.3\(0.722\)
cisco:identity_services_enginecisco identity services engineeq1.3\(0.876\)
cisco:identity_services_enginecisco identity services engineeq1.3\(0.909\)
cisco:identity_services_enginecisco identity services engineeq1.3\(106.146\)
cisco:identity_services_enginecisco identity services engineeq1.3\(120.135\)
cisco:identity_services_enginecisco identity services engineeq1.4\(0.109\)
cisco:identity_services_enginecisco identity services engineeq1.4\(0.181\)
cisco:identity_services_enginecisco identity services engineeq1.4\(0.253\)
cisco:identity_services_enginecisco identity services engineeq1.4\(0.908\)
cisco:identity_services_enginecisco identity services engineeq2.0\(0.147\)

CPE	Name	Operator	Version
cisco:identity_services_engine	cisco identity services engine	eq	1.3\(0.722\)
cisco:identity_services_engine	cisco identity services engine	eq	1.3\(0.876\)
cisco:identity_services_engine	cisco identity services engine	eq	1.3\(0.909\)
cisco:identity_services_engine	cisco identity services engine	eq	1.3\(106.146\)
cisco:identity_services_engine	cisco identity services engine	eq	1.3\(120.135\)
cisco:identity_services_engine	cisco identity services engine	eq	1.4\(0.109\)
cisco:identity_services_engine	cisco identity services engine	eq	1.4\(0.181\)
cisco:identity_services_engine	cisco identity services engine	eq	1.4\(0.253\)
cisco:identity_services_engine	cisco identity services engine	eq	1.4\(0.908\)
cisco:identity_services_engine	cisco identity services engine	eq	2.0\(0.147\)

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Identity Services Engine"
      }
    ]
  }
]

References

www.securitytracker.com/id/1039054

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for CVE-2017-6747

cisco1 nvd1 nessus1 openvas1 prion1 cvelist1