Cisco Identify Services Engine (ISE) Admin Portal Unauthorized Access

critical Nessus Plugin ID 97469

Synopsis

An identity and access control policy management application running on the remote device is affected by an unauthorized access vulnerability.

Description

According to its self-reported version number and installed patches, the remote Cisco Identity Services Engine (ISE) application running on the remote device is affected by an unspecified flaw in the Admin portal that allows unauthorized access. An unauthenticated, remote attacker can exploit this issue to obtain complete control of the device.

Solution

Apply the appropriate patch referenced in Cisco Security Advisory cisco-sa-20160113-ise.

See Also

http://www.nessus.org/u?59e15877

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw34253

Plugin Details

Severity: Critical

ID: 97469

File Name: cisco-sa-20160113-ise.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 3/1/2017

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:cisco:identity_services_engine, cpe:/a:cisco:identity_services_engine, cpe:/a:cisco:identity_services_engine_software

Required KB Items: Host/Cisco/ISE/version

Exploit Ease: No known exploits are available

Patch Publication Date: 1/13/2016

Vulnerability Publication Date: 1/13/2016

Reference Information

CVE: CVE-2015-6323

BID: 80497

CISCO-SA: cisco-sa-20160113-ise

CISCO-BUG-ID: CSCuw34253