CVE-2017-12316
HIGH
Cisco Identity Services Engine - Unauthenticated Brute-Force Password Attack via Guest Portal Login Page
Title source: llm
Description
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039830
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101931
Scores
CVSS v3
7.5
EPSS
0.0203
EPSS Percentile
78.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-287
CWE-307
Status
published
Products (2)
cisco/identity_services_engine_software
2.1(0.229)
n/a/Cisco Identity Services Engine
Cisco Identity Services Engine
Published
Nov 16, 2017
Tracked Since
Feb 18, 2026