CVE-2011-3290

Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/46061
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml	Vendor Advisory
http://www.securityfocus.com/bid/49703
http://www.securitytracker.com/id?1026075
https://exchange.xforce.ibmcloud.com/vulnerabilities/69945

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:identity_services_engine_software::::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.0:::::::*
	cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:::::::*

History

No history.

Information

Published : 2011-09-21 16:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-3290

Mitre link : CVE-2011-3290

CVE.ORG link : CVE-2011-3290

JSON object : View

Products Affected

cisco

identity_services_engine_software
identity_services_engine

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2011-3290", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-09-21T16:55:04.147", "references": [{"url": "http://secunia.com/advisories/46061", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/49703", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1026075", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."}, {"lang": "es", "value": "Cisco Identity Services Engine (ISE), antes de la versi\u00f3n v1.0.4.MR2 usa las credenciales de base de datos Oracle por defecto, lo que permite a atacantes remotos modificar la configuraci\u00f3n o realizar otras acciones administrativas no especificadas a trav\u00e9s de vectores desconocidos. Problema tambi\u00e9n conocido como Bug ID CSCts59135."}], "lastModified": "2017-08-29T01:30:08.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D21EAA4D-BC75-4FBF-8F84-33A8152D9E35"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBCFC65B-8F72-4C75-9721-54B75889CC07", "versionEndIncluding": "1.0.4"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "029478F4-EB13-4DF7-A93A-16A0D7ED8AEA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}