← Back

CVE-2019-15282

nvd nist
Published: Oct 16, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.

Affected (11)

Cisco
1 product
Identity Services Engine Software
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Identity Services Engine Software
Before 2.4\(0.357\)
Identity Services Engine Software
Version 2.4(0.357)
Identity Services Engine Software
Version 2.4(0.357) patch1
Identity Services Engine Software
Version 2.4(0.357) patch2
Identity Services Engine Software
Version 2.4(0.357) patch3
Identity Services Engine Software
Version 2.4(0.357) patch4
Identity Services Engine Software
Version 2.4(0.357) patch5
Identity Services Engine Software
Version 2.4(0.357) patch6
Identity Services Engine Software
Version 2.4(0.357) patch7
Identity Services Engine Software
Version 2.4(0.357) patch8
Identity Services Engine Software
Version 2.4(0.357) patch9

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.