Authentication bypass in Cisco Identity Services Engine (ISE) - CVE-2017-6747
Published: August 3, 2017
Vulnerability identifier: #VU7669
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6747
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to bypass local authentication.
The weakness exists due to improper handling of authentication requests and policy assignment for externally authenticated users. A remote attacker can authenticate with a valid external user account that matches an internal username, bypass authentication restrictions and gain Super Admin privileges for the ISE Admin portal.
Successful exploitation of the vulnerability results in unauthorized access to the system.
The weakness exists due to improper handling of authentication requests and policy assignment for externally authenticated users. A remote attacker can authenticate with a valid external user account that matches an internal username, bypass authentication restrictions and gain Super Admin privileges for the ISE Admin portal.
Successful exploitation of the vulnerability results in unauthorized access to the system.
How to mitigate CVE-2017-6747
To resolve the vulnerability install the following patches: 1.4.0 Patch 11, 2.0.0 Patch 5, 2.0.1 Patch 5 2.1.0 Patch 2.