SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Identity Services Engine Vendors:   Cisco
Cisco Identity Services Engine Authentication Module Bug Lets Remote Users Bypass Authentication on the Target System
SecurityTracker Alert ID:  1039054
SecurityTracker URL:  http://securitytracker.com/id/1039054
CVE Reference:   CVE-2017-6747   (Links to External Site)
Date:  Aug 2 2017
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3300 Series Appliances; 1.3, 1.4, 2.0.0, 2.0.1, 2.1.0
Description:   A vulnerability was reported in Cisco Identity Services Engine. A remote user can bypass authentication.

A remote user can authenticate with a valid external user account where there username matches an internal username to gain Super Admin privileges on Identity Services Engine (ISE) Admin portal.

Systems configured with the ISE Admin portal using an external identity source for authentication are affected.

Endpoints authenticating to the ISE are not affected.

The vendor has assigned bug ID CSCvb10995 to this vulnerability.

Impact:   A remote user can bypass authentication to gain Super Admin privileges on Identity Services Engine (ISE) Admin portal.
Solution:   The vendor has issued a fix.

The vendor advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents

Subject:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC