Vulnerability in Cisco Identity_services_engine
CVE-2013-5538
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
EPSS: 0.002 (40.7th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine
- Cisco Identity_services_engine_software
- N/a — versions n/a
Weakness classification (CWE)
References
- 20131015 Cisco Identity Services Engine Sponsor Portal File Access Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)