Information disclosure in Cisco Identity_services_engine_software
CVE-2015-4219
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain se…
Vulnerability class: Information Disclosure
EPSS: 0.004 (61.6th percentile) — read the EPSS interpretation.
Affected products
- Cisco Identity_services_engine_software — versions 1.0.4.573
- Cisco Secure_access_control_system — versions 5.3.0.40.5
- N/a — versions n/a
Weakness classification (CWE)
References
- 1032713 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20150623 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 75379 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1032714 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)