CVE-2018-0275Cisco Identity Services Engine vulnerability

CWE-164 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 78.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine
Timeline
PublishedApr 19
Latest updateMay 13

Description

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/identity_services_engine< 2.2\(0.470\)

🔴Vulnerability Details

2
GHSA
GHSA-5c9x-fhgv-q6jp: A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the devic2022-05-13
CVEList
CVE-2018-0275: A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the devic2018-04-19

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Shell Access Vulnerability2018-04-18
CVE-2018-0275 — Cisco vulnerability | cvebase