The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote malicious users to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco identity services engine software 1.1.4 |
||
cisco identity services engine software 1.1.3 |
||
cisco identity services engine software 1.1.2 |
||
cisco identity services engine software 1.1.1 |
||
cisco identity services engine software 1.3\\(106.146\\) |
||
cisco identity services engine software 1.3\\(0.722\\) |
||
cisco identity services engine software 1.2.1 |
||
cisco identity services engine software 1.2\\(0.793\\) |
||
cisco identity services engine software 1.3\\(120.135\\) |
||
cisco identity services engine software 1.2\\(0.747\\) |
||
cisco identity services engine software 1.2\\(1.198\\) |
||
cisco identity services engine software 1.4\\(0.109\\) |
||
cisco identity services engine software 1.3\\(0.876\\) |
||
cisco identity services engine software 1.2.0.899 |
||
cisco identity services engine software 1.2_base |
||
cisco identity services engine software 1.1_base |
||
cisco identity services engine software 1.4\\(0.253\\) |
||
cisco identity services engine software 1.2\\(1.901\\) |
||
cisco identity services engine software 1.4\\(0.181\\) |
Wi-Fi gear, WLAN controllers, ISE get security patches
Cisco sysadmins have a busy day ahead of them, with vulnerabilities announced in wireless LAN controllers, the Cisco Identity Services Engine, and Aironet access points. The Aironet 1800 series flaw, CVE-2015-6336, is that old favorite: a hardcoded static password granting access to the device. Luckily, the account with the hardwired credential doesn't have admin privilege, so Cisco reckons its exposure is limited to denial-of-service attacks. The access points that need updating are the 1830e, ...
Vulmon