Executive Summary

Summary
Title Cisco Identity Services Engine Database Default Credentials Vulnerability
Informations
Name cisco-sa-20110920-ise First vendor Publication 2011-09-19
Vendor Cisco Last vendor Modification 2011-09-20
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Identity Services Engine (ISE) contains a set of default credentials for its underlying database. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device.

Cisco will release free software updates that address this vulnerability on September 30th, 2011. There is no workaround for this vulnerability.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9 (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-255 Credentials Management

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Hardware 1

Open Source Vulnerability Database (OSVDB)

Id Description
75631 Cisco Identity Services Engine Undocumented Account Default Credentials