var-201508-0093
Vulnerability from variot
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. Vendors have confirmed this vulnerability Bug ID CSCuo78045 It is released as.A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuo78045. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "identity services engine software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2\\(0.899\\)"
},
{
"model": "identity services engine software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2 .0.899 patch 14"
},
{
"model": "identity services engine software patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.0.89914"
}
],
"sources": [
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:identity_services_engine_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "76494"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6266",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84227",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. Vendors have confirmed this vulnerability Bug ID CSCuo78045 It is released as.A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCuo78045. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "VULHUB",
"id": "VHN-84227"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6266",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1033405",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560",
"trust": 0.7
},
{
"db": "BID",
"id": "76494",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84227",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"id": "VAR-201508-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:05:38.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "40691",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40691"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033405"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6266"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6266"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html?referring_site=smartnavrd"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84227"
},
{
"date": "2015-08-27T00:00:00",
"db": "BID",
"id": "76494"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"date": "2015-08-28T15:59:01.297000",
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-84227"
},
{
"date": "2015-08-27T00:00:00",
"db": "BID",
"id": "76494"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"date": "2015-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"date": "2024-11-21T02:34:40.200000",
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Identity Services Engine 3300 Vulnerability to retrieve important information from customized documents in the guest portal of the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…