PT-2017-16131 · Cisco · Cisco Identity Services Engine

Published

2017-02-22

Updated

2017-07-25

CVE-2017-3835

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) version 1.4(0.908)

Description A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users due to SQL Injection.

Recommendations For Cisco Identity Services Engine (ISE) version 1.4(0.908), consider restricting access to the sponsor portal until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2017-3835

Affected Products

Cisco Identity Services Engine

PT-2017-16131 · Cisco · Cisco Identity Services Engine

CVE-2017-3835

Weakness Enumeration

Related Identifiers

Affected Products

References · 5