cisco-sa-20110920-ise

Executive Summary

Summary
Title	Cisco Identity Services Engine Database Default Credentials Vulnerability

Informations
Name	cisco-sa-20110920-ise	First vendor Publication	2011-09-19
Vendor	Cisco	Last vendor Modification	2011-09-20
Severity (Vendor)	N/A	Revision	1.0

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.

Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)

CWE : Common Weakness Enumeration

id	Name
CWE-255	Credentials Management

CPE : Common Platform Enumeration

Type	Description	Count
Application	Cisco Identity Services Engine Software cpe:/a:cisco:identity_services_engine_software:1.0mr cpe:/a:cisco:identity_services_engine_software:1.0.4 cpe:/a:cisco:identity_services_engine_software:1.0	3
Hardware	Cisco Identity Services Engine cpe:/h:cisco:identity_services_engine	1