PT-2015-3181 · Cisco · Cisco Secure Access Control System
Published 2015-06-24 · Updated 2016-12-29
CVE-2015-4219
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Secure Access Control System versions prior to 5.4(0.46.2)
Cisco Secure Access Control System versions prior to 5.5(0.46)
Cisco Identity Services Engine version 1.0(4.573)
Description
Access control for support bundles is improperly implemented, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials. An attacker can exploit this to gain confidential information.
Recommendations
For Cisco Secure Access Control System versions prior to 5.4(0.46.2), update to version 5.4(0.46.2) or later.
For Cisco Secure Access Control System versions prior to 5.5(0.46), update to version 5.5(0.46) or later.
For Cisco Identity Services Engine version 1.0(4.573), consider restricting access to support bundles until a patch is available.
Fix
Information Disclosure
Related Identifiers
Affected Products
Cisco Identity Services Engine
Cisco Secure Access Control System