Authentication bypass in Cisco Identity Services Engine
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-6747 |
| CWE-ID | CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco Identity Services Engine (ISE) Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Authentication bypass
EUVDB-ID: #VU7669
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6747
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to bypass local authentication.
The weakness exists due to improper handling of authentication requests and policy assignment for externally authenticated users. A remote attacker can authenticate with a valid external user account that matches an internal username, bypass authentication restrictions and gain Super Admin privileges for the ISE Admin portal.
Successful exploitation of the vulnerability results in unauthorized access to the system.
To resolve the vulnerability install the following patches: 1.4.0 Patch 11, 2.0.0 Patch 5, 2.0.1 Patch 5 2.1.0 Patch 2.
Vulnerable software versionsCisco Identity Services Engine (ISE): 1.3 - 2.1.0
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
