CVE-2016-1402

CWE-119 — Buffer Overflow CWE-287 — Improper Authentication4 documents4 sources

Severity

7.5HIGH

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedMay 21

Latest updateMay 17

Description

The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/identity_services_engine_software1.2.0.899

🔴Vulnerability Details

GHSA

GHSA-287h-m4vw-mrx7: The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1↗2022-05-17

▶

CVEList

CVE-2016-1402: The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1↗2016-05-21

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability↗2016-05-17

▶