CVE-2015-4219

CWE-200 — Information Exposure CWE-2644 documents4 sources

Severity

4.0MEDIUM

EPSS

0.4%

top 38.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control System Cisco Identity Services Engine Software

Timeline

PublishedJun 24

Latest updateMay 17

Description

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDcisco/secure_access_control_system5.4.0.46.1+1

▶NVDcisco/identity_services_engine_software1.0.4.573

🔴Vulnerability Details

GHSA

GHSA-82xm-9qhp-mf4g: Cisco Secure Access Control System before 5↗2022-05-17

▶

CVEList

CVE-2015-4219: Cisco Secure Access Control System before 5↗2015-06-24

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability↗2015-06-23

▶