CVE-2015-6323

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

1.5%

top 18.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedJan 15

Latest updateMay 17

Description

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software19 versions+18

🔴Vulnerability Details

GHSA

GHSA-476p-q5r3-g7xv: The Admin portal in Cisco Identity Services Engine (ISE) 1↗2022-05-17

▶

CVEList

CVE-2015-6323: The Admin portal in Cisco Identity Services Engine (ISE) 1↗2016-01-15

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Unauthorized Access Vulnerability↗2016-01-14

▶