PT-2015-3181 · Cisco · Cisco Secure Access Control System+1
Published: 2015-06-24 · Updated: 2016-12-29
CVE-2015-4219
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Secure Access Control System versions prior to 5.4(0.46.2)
Cisco Secure Access Control System versions prior to 5.5(0.46)
Cisco Identity Services Engine version 1.0(4.573)
Description
Access control for support bundles is improperly implemented, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials. An attacker can exploit this to gain confidential information.
Recommendations
For Cisco Secure Access Control System versions prior to 5.4(0.46.2), update to version 5.4(0.46.2) or later.
For Cisco Secure Access Control System versions prior to 5.5(0.46), update to version 5.5(0.46) or later.
For Cisco Identity Services Engine version 1.0(4.573), consider restricting access to support bundles until a patch is available.
Fix
Information Disclosure
Related identifiers
Affected products
Cisco Identity Services Engine
Cisco Secure Access Control System