| Vulnerability Name: | CVE-2015-4219 (CCN-104013) | ||||||||
| Assigned: | 2015-06-23 | ||||||||
| Published: | 2015-06-23 | ||||||||
| Updated: | 2016-12-29 | ||||||||
| Summary: | Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 CWE-264 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-4219 Source: CCN Type: Cisco Vulnerability Alert 39501 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability Source: CISCO Type: Vendor Advisory 20150623 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability Source: BID Type: Third Party Advisory, VDB Entry 75379 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032713 Source: SECTRACK Type: Third Party Advisory, VDB Entry 1032714 Source: XF Type: UNKNOWN cisco-ise-cve20154219-info-disc(104013) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||