CVE-2019-1851
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
34.5%
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | identity_services_engine | 2.2(0.470) | cpe:2.3:a:cisco:identity_services_engine:2.2\(0.470\):*:*:*:*:*:*:* |
| cisco | identity_services_engine | 2.3(0.298) | cpe:2.3:a:cisco:identity_services_engine:2.3\(0.298\):*:*:*:*:*:*:* |
| cisco | identity_services_engine | 2.4(0.357) | cpe:2.3:a:cisco:identity_services_engine:2.4\(0.357\):*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
34.5%