CVE-2015-6266

CWE-287 ā€” Improper Authentication4 documents4 sources
Severity
5.0MEDIUM
EPSS
0.2%
top 54.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine Software
Timeline
PublishedAug 28
Latest updateMay 17

Description

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

šŸ”“Vulnerability Details

2
GHSA
GHSA-9hx7-74mf-ww6x: The guest portal in Cisco Identity Services Engine (ISE) 3300 1ā†—2022-05-17
ā–¶
CVEList
CVE-2015-6266: The guest portal in Cisco Identity Services Engine (ISE) 3300 1ā†—2015-08-28
ā–¶

šŸ“‹Vendor Advisories

1
Cisco
Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerabilityā†—2015-08-27
ā–¶
CVE-2015-6266 (MEDIUM CVSS 5) | The guest portal in Cisco Identity | cvebase.io