What is CVE-2017-12316?

CVE-2017-12316 is a high-severity vulnerability in Cisco Identity_services_engine_software, classified under Improper Authentication. CVSS score: 7.5/10. Published 2017-11-16.

How severe is CVE-2017-12316?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in Cisco Identity_services_engine_software

CVE-2017-12316

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is…

Vulnerability class: Broken Authentication

EPSS: 0.012 (79.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Identity_services_engine_software — versions 2.1\(0.229\)
N/a Cisco Identity Services Engine — versions Cisco Identity Services Engine

Weakness classification (CWE)

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2017-12316?: CVE-2017-12316 is a high-severity vulnerability in Cisco Identity_services_engine_software, classified under Improper Authentication. CVSS score: 7.5/10. Published 2017-11-16.
How severe is CVE-2017-12316?: High severity. CVSS v3 base score is 7.5 out of 10.