Vulnerability Description
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine Software | 1.2\(0.899\) |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40691Vendor Advisory
- http://www.securitytracker.com/id/1033405
- http://tools.cisco.com/security/center/viewAlert.x?alertId=40691Vendor Advisory
- http://www.securitytracker.com/id/1033405
FAQ
What is CVE-2015-6266?
CVE-2015-6266 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customi...
How severe is CVE-2015-6266?
CVE-2015-6266 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6266?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine Software.