5.3

CVE-2019-15282

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIdentity Services Engine Software Version < 2.4\(0.357\)
CiscoIdentity Services Engine Software Version2.4(0.357) Update-
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch1
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch2
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch3
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch4
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch5
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch6
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch7
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch8
CiscoIdentity Services Engine Software Version2.4(0.357) Updatepatch9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.09% 0.773
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com 4.3 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.