PT-2017-2887 · Cisco · Cisco Ise Express+2

Published 2017-03-09 · Updated 2019-10-09 · CVE-2017-6747

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine versions 1.3, 1.4, 2.0.0, 2.0.1, 2.1.0
Cisco ISE Express versions 1.3, 1.4, 2.0.0, 2.0.1, 2.1.0
Cisco ISE Virtual Appliance versions 1.3, 1.4, 2.0.0, 2.0.1, 2.1.0

Description

A vulnerability in the authentication module could allow an unauthenticated, remote attacker to bypass local authentication by exploiting improper handling of authentication requests and policy assignment for externally authenticated users. This could give the attacker Super Admin privileges for the ISE Admin portal: by authenticating with a valid external user account whose username matches an internal username, the attacker is incorrectly assigned the authorization policy of the internal account.

Recommendations

For Cisco Identity Services Engine, Cisco ISE Express, and Cisco ISE Virtual Appliance versions 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0, consider disabling the authentication module until a patch is available in order to prevent exploitation. Restrict access to the ISE Admin portal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
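The following is an added illustration, not Cisco's code and not a description of how ISE actually implements policy assignment: a toy model of the defect class the description outlines, in which a policy lookup keyed on the bare username lets an externally authenticated user inherit an internal account's authorization policy, beside a lookup keyed on the identity source as well. The class and function names, the "ldap-corp" identity source and the "Read Only" default policy are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """An authenticated user and the identity store that authenticated it."""
    username: str
    source: str  # "internal" or an external store name, e.g. "ldap-corp"


# Constructed sample data (assumed, not from the advisory): one internal
# administrator and a least-privilege default for externally authenticated users.
INTERNAL_POLICIES = {"admin": "Super Admin"}
DEFAULT_EXTERNAL_POLICY = "Read Only"


def assign_policy_vulnerable(p: Principal) -> str:
    """Flawed lookup: keys on the username alone and ignores which store
    authenticated the user, so an external 'admin' matches the internal one."""
    return INTERNAL_POLICIES.get(p.username, DEFAULT_EXTERNAL_POLICY)


def assign_policy_fixed(p: Principal) -> str:
    """Hardened lookup: internal policies apply only to principals the internal
    store authenticated; everyone else gets the external default."""
    if p.source == "internal":
        return INTERNAL_POLICIES.get(p.username, DEFAULT_EXTERNAL_POLICY)
    return DEFAULT_EXTERNAL_POLICY


def find_username_collisions(external_usernames, internal_policies=INTERNAL_POLICIES):
    """Defender check: external usernames that collide with an internal
    admin account are the ones a username-only lookup would misassign."""
    return sorted(u for u in set(external_usernames) if u in internal_policies)


if __name__ == "__main__":
    external_admin = Principal("admin", "ldap-corp")
    print("vulnerable:", assign_policy_vulnerable(external_admin))  # Super Admin
    print("fixed:     ", assign_policy_fixed(external_admin))       # Read Only
    print("collisions:", find_username_collisions(["alice", "admin", "bob"]))
```

The collision check is the kind of audit that makes sense while the module stays enabled: any external account whose name matches an internal administrator is the case the description warns about.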

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2017-02173
CVE-2017-6747

Affected Products

Cisco Ise Express
Cisco Ise Virtual Appliance
Cisco Identity Services Engine