Vulnerabilities > CVE-2011-3290 - Credentials Management vulnerability in Cisco products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-255

critical

NVD

Published: 2011-09-21

Updated: 2017-08-29

Summary

Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.

Vulnerable Configurations

Part	Description	Count
Hardware	Cisco Cisco Identity Services Engine *	1
Application	Cisco Cisco Identity Services Engine Software 1.0 Cisco Identity Services Engine Software - Cisco Identity Services Engine Software 1.0Mr	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://secunia.com/advisories/46061
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml
http://www.securityfocus.com/bid/49703
http://www.securitytracker.com/id?1026075
https://exchange.xforce.ibmcloud.com/vulnerabilities/69945