CVE-2017-6747
published 2017-08-07CVE-2017-6747: A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local…
PriorityP267critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.48%
91.8th percentile
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attacker authenticates using a valid external user account whose username matches an existing internal ISE username, then receives the internal account's authorization policy (potentially Super Admin) on the ISE Admin portal ↗
- →Monitor ISE Admin portal login events where an externally-authenticated user session is granted Super Admin privileges; cross-reference against expected internal admin accounts for username collisions ↗
- →Affected versions are Cisco ISE / ISE Express / ISE Virtual Appliance releases 1.3, 1.4, 2.0.0, 2.0.1, and 2.1.0; Release 2.2.x is NOT affected — use version fingerprinting to identify exposed assets ↗
- ·This vulnerability only affects the ISE Admin portal authentication path for externally authenticated users; endpoints authenticating to ISE are not affected ↗
- ·There are no workarounds available; the only remediation is upgrading to a fixed software release ↗
- ·Tracked under Cisco Bug ID CSCvb10995; use this identifier when querying Cisco's bug tracker or PSIRT feeds for additional technical detail ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco8.1HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4742-8cjm-26f3: A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local a
ghsa_unreviewed·2022-05-13
CVE-2017-6747 [CRITICAL] CWE-287 GHSA-4742-8cjm-26f3: A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local a
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or
Cisco
Cisco Identity Services Engine Authentication Bypass Vulnerability
vendor_cisco·2017-08-02·CVSS 8.1
CVE-2017-6747 [HIGH] CWE-287 Cisco Identity Services Engine Authentication Bypass Vulnerability
Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.
The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal.
This vulnerability does not affect endpoints authenticating to the ISE.
Cisco has released software updates that address this vulner
Cisco
Cisco Identity Services Engine Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.0
CVE-2017-6747 Cisco Identity Services Engine Authentication Bypass Vulnerability
CVE-2017-6747: Cisco Identity Services Engine Authentication Bypass Vulnerability
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. Cisco has released software updates that address
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-08-07
Published