SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Device (Embedded Server/Appliance)  >   Cisco Identity Services Engine Vendors:   Cisco
Cisco Identity Services Engine Authentication Module Bug Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1039054
SecurityTracker URL:  http://securitytracker.com/id/1039054
CVE Reference:   CVE-2017-6747   (Links to External Site)
Date:  Aug 2 2017
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3300 Series Appliances; 1.3, 1.4, 2.0.0, 2.0.1, 2.1.0
Description:   A vulnerability was reported in Cisco Identity Services Engine. A remote user can bypass authentication.

A remote user can authenticate with a valid external user account where there username matches an internal username to gain Super Admin privileges on Identity Services Engine (ISE) Admin portal.

Systems configured with the ISE Admin portal using an external identity source for authentication are affected.

Endpoints authenticating to the ISE are not affected.

The vendor has assigned bug ID CSCvb10995 to this vulnerability.

Impact:   A remote user can bypass authentication to gain Super Admin privileges on Identity Services Engine (ISE) Admin portal.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents

Date:  Wed, 02 Aug 2017 20:21:48 +0000
Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2017, SecurityGlobal.net LLC