CVE-2015-0757

CWE-200 — Information Exposure CWE-285 CWE-284 — Improper Access Control9 documents9 sources

Severity

5.0MEDIUM

EPSS

0.3%

top 50.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedMay 29

Latest updateMay 17

Description

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software1.2\(1.901\), 1.3\(0.722\)+1

🔴Vulnerability Details

GHSA

GHSA-9f58-w643-6379: The web framework in Cisco Identity Services Engine (ISE) 1↗2022-05-17

▶

GHSA

OpenStack Image Service (Glance) vulnerable to Improper Access Control↗2022-05-17

▶

OSV

glance vulnerabilities↗2017-10-11

▶

CVEList

CVE-2015-0757: The web framework in Cisco Identity Services Engine (ISE) 1↗2015-05-29

▶

💥Exploits & PoCs

Exploit-DB

Synology Video Station 1.5-0757 - Multiple Vulnerabilities↗2015-09-10

▶

📋Vendor Advisories

Red Hat

openstack-glance: Glance image status manipulation through locations↗2016-02-04

▶

Cisco

Cisco Identity Services Engine Information Disclosure Vulnerability↗2015-05-27

▶