CVE-2015-4267

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
ciscoidentity_services_engine_software
1.2\(0.793\)
ciscoidentity_services_engine_software
1.3\(0.876\)
ciscoidentity_services_engine_software
1.4\(0.181\)
ciscoidentity_services_engine_software
1.4\(0.876\)
ciscoidentity_services_engine_software
2.0\(0.147\)
ciscoidentity_services_engine_software
2.0\(0.169\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39872
http://www.securitytracker.com/id/1032929
http://tools.cisco.com/security/center/viewAlert.x?alertId=39872
http://www.securitytracker.com/id/1032929