Executive Summary

Summary
TitleCisco Identity Services Engine Database Default Credentials Vulnerability
Informations
Namecisco-sa-20110920-iseFirst vendor Publication2011-09-19
VendorCiscoLast vendor Modification2011-09-20
Severity (Vendor) N/ARevision1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.

Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)

CWE : Common Weakness Enumeration

idName
CWE-255Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application3
Hardware1

Open Source Vulnerability Database (OSVDB)

idDescription
75631Cisco Identity Services Engine Undocumented Account Default Credentials