CVE-2017-6747Improper Authentication in Cisco Identity Services Engine

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
2.2%
top 15.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine
Timeline
PublishedAug 7
Latest updateMay 13

Description

A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal accou

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/identity_services_engine18 versions+17

🔴Vulnerability Details

2
GHSA
GHSA-4742-8cjm-26f3: A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local a2022-05-13
CVEList
CVE-2017-6747: A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local a2017-08-07

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Authentication Bypass Vulnerability2017-08-02
CVE-2017-6747 — Improper Authentication in Cisco | cvebase