CVE-2017-12316

CWE-287 — Improper Authentication CWE-3074 documents4 sources

Severity

7.5HIGH

EPSS

1.2%

top 21.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software

Timeline

PublishedNov 16

Latest updateMay 13

Description

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco_identity_services_engineCisco Identity Services Engine

▶NVDcisco/identity_services_engine_software2.1\(0.229\)

🔴Vulnerability Details

GHSA

GHSA-7vjf-xjh9-p8c2: A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform mult↗2022-05-13

▶

CVEList

CVE-2017-12316: A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform mult↗2017-11-16

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability↗2017-11-15

▶