CVE-2015-4219

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
References
Link Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=39501 Vendor Advisory
http://www.securityfocus.com/bid/75379 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032714 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032713 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*

Information

Published : 2015-06-24 03:59

Updated : 2016-12-29 05:19


NVD link : CVE-2015-4219

Mitre link : CVE-2015-4219


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

cisco

  • secure_access_control_system
  • identity_services_engine_software