Cisco Identity Services Engine (ISE) prior to 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco identity services engine software 1.1.2 |
||
cisco identity services engine software 1.1.1 |
||
cisco identity services engine software 1.1.4 |
||
cisco identity services engine software 1.2(0.793) |
||
cisco identity services engine software 1.1 base |
||
cisco identity services engine software 1.3(0.876) |
||
cisco identity services engine software 1.1.3 |
||
cisco identity services engine software 1.2(1.198) |
||
cisco identity services engine software 1.3(0.722) |
||
cisco identity services engine software 1.2.1 |
||
cisco identity services engine software 1.2 base |
||
cisco identity services engine software 1.0.4.573 |
||
cisco identity services engine software 1.2(1.901) |
||
cisco identity services engine software 1.2.0.899 |
||
cisco identity services engine software 1.2(0.747) |
||
cisco identity services engine software 1.4(0.181) |
||
cisco identity services engine software 1.0 base |
||
cisco identity services engine software 1.0 mr base |
||
cisco identity services engine software 1.3(106.146) |
||
cisco identity services engine software 1.3(120.135) |
||
cisco identity services engine software 1.4(0.109) |
||
cisco identity services engine software 1.4(0.253) |
Wi-Fi gear, WLAN controllers, ISE get security patches
Cisco sysadmins have a busy day ahead of them, with vulnerabilities announced in wireless LAN controllers, the Cisco Identity Services Engine, and Aironet access points. The Aironet 1800 series flaw, CVE-2015-6336, is that old favorite: a hardcoded static password granting access to the device. Luckily, the account with the hardwired credential doesn't have admin privilege, so Cisco reckons its exposure is limited to denial-of-service attacks. The access points that need updating are the 1830e, ...