CVE-2014-0665

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) Software (affected versions not specified)

Description The issue concerns the Role-Based Access Control (RBAC) implementation, which fails to properly verify privileges for support-bundle downloads. This allows remote authenticated users to obtain sensitive information via a download action. For example, an attacker could obtain read access to the user database.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.