CVE-2015-6317
MEDIUMCisco Identity Services Engine < 2.0 - Authenticated Access Control Bypass via Direct Request
Title source: llmDescription
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034767
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2
Scores
CVSS v3
6.5
EPSS
0.0146
EPSS Percentile
70.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (22)
cisco/identity_services_engine_software
1.0.4.573
cisco/identity_services_engine_software
1.0_base
cisco/identity_services_engine_software
1.0_mr_base
cisco/identity_services_engine_software
1.1.1 p1 (6 CPE variants)
cisco/identity_services_engine_software
1.1.2 p1 (9 CPE variants)
cisco/identity_services_engine_software
1.1.3 p1 (7 CPE variants)
cisco/identity_services_engine_software
1.1.4 p1 (7 CPE variants)
cisco/identity_services_engine_software
1.1_base
cisco/identity_services_engine_software
1.2\(0.747\)
cisco/identity_services_engine_software
1.2\(0.793\)
... and 12 more
Published
Jan 23, 2016
Tracked Since
Feb 18, 2026