Vulnerability in Cisco Identity_services_engine_software

CVE-2014-8015

The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

EPSS: 0.002 (38.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Identity_services_engine_software
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031423 (vdb-entry, x_refsource_SECTRACK)