CVE-2015-6317

CWE-284 โ€” Improper Access ControlCWE-2644 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 65.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine Software
Timeline
PublishedJan 23
Latest updateMay 17

Description

Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-62w6-q6hj-32wh: Cisco Identity Services Engine (ISE) before 2โ†—2022-05-17
โ–ถ
CVEList
CVE-2015-6317: Cisco Identity Services Engine (ISE) before 2โ†—2016-01-23
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Cisco Identity Services Engine Unauthorized Access Vulnerabilityโ†—2016-01-14
โ–ถ
CVE-2015-6317 (MEDIUM CVSS 6.5) | Cisco Identity Services Engine (ISE | cvebase.io