CVE-2017-6747
Description
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. Release 2.2.x is not affected. Cisco Bug IDs: CSCvb10995.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:cisco:identity_services_engine:1.3\(0.722\):*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:cisco:identity_services_engine:1.3\(0.722\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.3\(0.876\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.3\(0.909\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.3\(106.146\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.3\(120.135\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.4\(0.109\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.4\(0.181\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.4\(0.253\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:1.4\(0.908\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.0\(0.147\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.0\(0.169\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.0\(0.222\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.0\(1.130\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.1\(0.474\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.1\(0.800\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.1\(102.101\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine:2.1_base:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
2- www.securitytracker.com/id/1039054nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-isenvdVendor Advisory
News mentions
0No linked articles in our index yet.