Vulnerability in Cisco Identity_services_engine_software

CVE-2015-4182

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka…

EPSS: 0.003 (51.7th percentile) — read the EPSS interpretation.

Affected products

Cisco Identity_services_engine_software — versions 1.0.4.573, 1.0_base, 1.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

75152 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20150611 Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032579 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)