ID

VAR-201508-0093


CVE

CVE-2015-6266


TITLE

Vulnerability in the guest portal of the Cisco Identity Services Engine 3300 series that allows retrieval of important information from customized documents

Trust: 0.8

sources: JVNDB: JVNDB-2015-004506

DESCRIPTION

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. The vendor has confirmed this vulnerability and released it as Bug ID CSCuo78045. A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuo78045. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files.

Trust: 1.98

sources: NVD: CVE-2015-6266 // JVNDB: JVNDB-2015-004506 // BID: 76494 // VULHUB: VHN-84227

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2(0.899)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.2 .0.899 patch 14

Trust: 0.8

vendor: cisco, model: identity services engine software patch, scope: eq, version: 1.2.0.89914

Trust: 0.3

sources: BID: 76494 // JVNDB: JVNDB-2015-004506 // CNNVD: CNNVD-201508-560 // NVD: CVE-2015-6266

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6266
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6266
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201508-560
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84227
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6266
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84227 // JVNDB: JVNDB-2015-004506 // CNNVD: CNNVD-201508-560 // NVD: CVE-2015-6266

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-84227 // JVNDB: JVNDB-2015-004506 // NVD: CVE-2015-6266

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-560

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201508-560

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004506

PATCH

title: 40691, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40691

Trust: 0.8

sources: JVNDB: JVNDB-2015-004506

EXTERNAL IDS

db: NVD, id: CVE-2015-6266

Trust: 2.8

db: SECTRACK, id: 1033405

Trust: 1.1

db: JVNDB, id: JVNDB-2015-004506

Trust: 0.8

db: CNNVD, id: CNNVD-201508-560

Trust: 0.7

db: BID, id: 76494

Trust: 0.4

db: VULHUB, id: VHN-84227

Trust: 0.1

sources: VULHUB: VHN-84227 // BID: 76494 // JVNDB: JVNDB-2015-004506 // CNNVD: CNNVD-201508-560 // NVD: CVE-2015-6266

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40691

Trust: 2.0

url:http://www.securitytracker.com/id/1033405

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6266

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6266

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html?referring_site=smartnavrd

Trust: 0.3

sources: VULHUB: VHN-84227 // BID: 76494 // JVNDB: JVNDB-2015-004506 // CNNVD: CNNVD-201508-560 // NVD: CVE-2015-6266

CREDITS

Cisco

Trust: 0.3

sources: BID: 76494

SOURCES

db: VULHUB, id: VHN-84227
db: BID, id: 76494
db: JVNDB, id: JVNDB-2015-004506
db: CNNVD, id: CNNVD-201508-560
db: NVD, id: CVE-2015-6266

LAST UPDATE DATE

2025-04-12T23:30:41.346000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-84227, date: 2017-09-20T00:00:00
db: BID, id: 76494, date: 2015-08-27T00:00:00
db: JVNDB, id: JVNDB-2015-004506, date: 2015-09-01T00:00:00
db: CNNVD, id: CNNVD-201508-560, date: 2015-09-10T00:00:00
db: NVD, id: CVE-2015-6266, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-84227, date: 2015-08-28T00:00:00
db: BID, id: 76494, date: 2015-08-27T00:00:00
db: JVNDB, id: JVNDB-2015-004506, date: 2015-09-01T00:00:00
db: CNNVD, id: CNNVD-201508-560, date: 2015-08-31T00:00:00
db: NVD, id: CVE-2015-6266, date: 2015-08-28T15:59:01.297