CVE-2011-3290

Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml	Vendor Advisory
http://www.securityfocus.com/bid/49703
http://www.securitytracker.com/id?1026075
http://secunia.com/advisories/46061
https://exchange.xforce.ibmcloud.com/vulnerabilities/69945

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software::::::::

Information

Published : 2011-09-21 09:55

Updated : 2017-08-28 18:30

NVD link : CVE-2011-3290

Mitre link : CVE-2011-3290

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

cisco

identity_services_engine
identity_services_engine_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml", "name": "20110920 Cisco Identity Services Engine Database Default Credentials Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/49703", "name": "49703", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1026075", "name": "1026075", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/46061", "name": "46061", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945", "name": "cisco-ise-default-credentials(69945)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3290", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-09-21T16:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.4"}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:30Z"}

10.0 /10