Vulnerability Description
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | 1.0.4.573 |
| Cisco | Secure Access Control System | <= 5.4.0.46.1 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=39501 (Vendor Advisory)
- http://www.securityfocus.com/bid/75379 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1032713 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1032714 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2015-4219?
CVE-2015-4219 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows ...
How severe is CVE-2015-4219?
CVE-2015-4219 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4219?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software, Cisco Secure Access Control System.