Improper access control

2023-01-2007:15:00

PRIOn knowledge base

www.prio-n.com

cisco

identity services engine

web-based management interface

vulnerability

access control

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.6%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface.

This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted.

{{value}} [“%7b%7bvalue%7d%7d”])}]]

CPENameOperatorVersion
identity_services_enginelt2.6.0
identity_services_engineeq2.6.0 patch1
identity_services_engineeq2.6.0 patch2
identity_services_engineeq2.6.0 patch3
identity_services_engineeq2.6.0 patch6
identity_services_engineeq2.6.0 patch5
identity_services_engineeq2.6.0
identity_services_engineeq2.6.0 patch7
identity_services_engineeq2.7.0 patch2
identity_services_engineeq3.0.0

Name	Operator	Version
identity_services_engine	lt	2.6.0
identity_services_engine	eq	2.6.0 patch1
identity_services_engine	eq	2.6.0 patch2
identity_services_engine	eq	2.6.0 patch3
identity_services_engine	eq	2.6.0 patch6
identity_services_engine	eq	2.6.0 patch5
identity_services_engine	eq	2.6.0
identity_services_engine	eq	2.6.0 patch7
identity_services_engine	eq	2.7.0 patch2
identity_services_engine	eq	3.0.0