Vulnerabilities > CVE-2015-6323 - Unspecified vulnerability in Cisco Identity Services Engine Software

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
cisco
critical
nessus

Summary

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.

Nessus

NASL familyCISCO
NASL idCISCO-SA-20160113-ISE.NASL
descriptionAccording to its self-reported version number and installed patches, the remote Cisco Identity Services Engine (ISE) application running on the remote device is affected by an unspecified flaw in the Admin portal that allows unauthorized access. An unauthenticated, remote attacker can exploit this issue to obtain complete control of the device.
last seen2020-06-01
modified2020-06-02
plugin id97469
published2017-03-01
reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/97469
titleCisco Identify Services Engine (ISE) Admin Portal Unauthorized Access
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97469);
  script_version("1.6");
  script_cvs_date("Date: 2018/07/06 11:26:05");

  script_cve_id("CVE-2015-6323");
  script_bugtraq_id(80497);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuw34253");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20160113-ise");

  script_name(english:"Cisco Identify Services Engine (ISE) Admin Portal Unauthorized Access");
  script_summary(english:"Checks the Cisco Identify Services Engine version.");

  script_set_attribute(attribute:"synopsis", value:
"An identity and access control policy management application running
on the remote device is affected by an unauthorized access
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number and installed patches,
the remote Cisco Identity Services Engine (ISE) application running
on the remote device is affected by an unspecified flaw in the Admin
portal that allows unauthorized access. An unauthenticated, remote
attacker can exploit this issue to obtain complete control of the
device.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?59e15877");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuw34253");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch referenced in Cisco Security Advisory
cisco-sa-20160113-ise.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:identity_services_engine_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");

  script_dependencies("cisco_ise_detect.nbin");
  script_require_keys("Host/Cisco/ISE/version");

  exit(0);
}

include("audit.inc");
include("cisco_func.inc");

appname = "Cisco ISE";
version = get_kb_item_or_exit("Host/Cisco/ISE/version");
patches = get_kb_item("Host/Cisco/ISE/patches");

patch_fix   = NULL;
patch_detected = FALSE;

if      (version =~ "^1\.2\.0($|[^0-9])") patch_fix = '17';
else if (version =~ "^1\.2\.1($|[^0-9])") patch_fix = '8';
else if (version =~ "^1\.3($|[^0-9])")    patch_fix = '5';
else if (version =~ "^1\.4($|[^0-9])")    patch_fix = '4';
else
  audit(AUDIT_INST_VER_NOT_VULN, appname, version);

if (!empty_or_null(patches))
{
  patches = split(patches, sep:', ', keep:FALSE);
  foreach patch (patches)
    if (patch >= patch_fix) patch_detected = TRUE;
}

if (patch_detected)
  audit(AUDIT_INST_VER_NOT_VULN, appname, version + " with patch " + patch_fix);

security_report_cisco(
  port     : 0,
  severity : SECURITY_HOLE,
  version  : version,
  bug_id   : "CSCuw34253",
  pie      : patch_fix,
  override : FALSE
);