What is CVE-2017-6747?

CVE-2017-6747 is a critical-severity vulnerability in Cisco Identity_services_engine, classified under Improper Authentication. CVSS score: 9.8/10. Published 2017-08-07.

How severe is CVE-2017-6747?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Cisco Identity_services_engine

CVE-2017-6747

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests a…

Vulnerability class: Broken Authentication

EPSS: 0.022 (84.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Identity_services_engine — versions 1.3\(0.722\), 1.3\(0.876\), 1.3\(0.909\)
N/a Cisco Identity Services Engine — versions Cisco Identity Services Engine

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-6747?: CVE-2017-6747 is a critical-severity vulnerability in Cisco Identity_services_engine, classified under Improper Authentication. CVSS score: 9.8/10. Published 2017-08-07.
How severe is CVE-2017-6747?: Critical severity. CVSS v3 base score is 9.8 out of 10.