Summary | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. A successful exploit could allow the attacker to download files that should be restricted. |
---|---|
Publication Date | Oct. 21, 2021, 12:15 p.m. |
Registration Date | Oct. 21, 2021, 4 p.m. |
Last Update | Nov. 7, 2023, 12:38 p.m. |
CVSS3.1 : MEDIUM | |
スコア | 6.5 |
---|---|
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
攻撃元区分(AV) | ネットワーク |
攻撃条件の複雑さ(AC) | 低 |
攻撃に必要な特権レベル(PR) | 低 |
利用者の関与(UI) | 不要 |
影響の想定範囲(S) | 変更なし |
機密性への影響(C) | 高 |
完全性への影響(I) | なし |
可用性への影響(A) | なし |
CVSS2.0 : MEDIUM | |
Score | 4.0 |
---|---|
Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
攻撃元区分(AV) | ネットワーク |
攻撃条件の複雑さ(AC) | 低 |
攻撃前の認証要否(Au) | 単一 |
機密性への影響(C) | 低 |
完全性への影響(I) | なし |
可用性への影響(A) | なし |
Get all privileges. | いいえ |
Get user privileges | いいえ |
Get other privileges | いいえ |
User operation required | いいえ |
Configuration1 | or higher | or less | more than | less than | |
cpe:2.3:a:cisco:identity_services_engine:2.7\(0.207\):*:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7:*:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7\(0.356\):*:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7\(0.356\):-:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:2.7\(0.903\):*:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:3.0\(0.458\):*:*:*:*:*:*:* | |||||
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:* | 2.6 |
Title | Cisco Identity Services Engine における不適切なデフォルトパーミッションに関する脆弱性 |
---|---|
Summary | Cisco Identity Services Engine (ISE) には、不適切なデフォルトパーミッションに関する脆弱性が存在します。 |
Possible impacts | 情報を取得される可能性があります。 |
Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
Publication Date | Oct. 20, 2021, midnight |
Registration Date | Sept. 30, 2022, 10:15 a.m. |
Last Update | Sept. 30, 2022, 10:15 a.m. |
シスコシステムズ |
Cisco Identity Services Engine (ISE) |
No | Changed Details | Date of change |
---|---|---|
1 | [2022年09月30日] 掲載 |
Sept. 30, 2022, 10:14 a.m. |