Published: 19/04/2018 Updated: 09/10/2019

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local malicious user to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the malicious user to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions before 2.2.0.470. Cisco Bug IDs: CSCvf54409.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco identity services engine

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell The vulnerability is due to improper configuration of the support tunnel feature An attacker could exploit this vulnerability by tricking the device into unlocking the support user account ...

NVD-CWE-noinfo https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise http://www.securitytracker.com/id/1040717 https://nvd.nist.gov https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-0275

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect