Access Control Vulnerability in Cisco Secure Access Control System and Identity Services Engine
CVE-2015-4219

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System; Identity Services Engine Software
Vendor: CVE Published:; 24 June 2015

Summary

The Cisco Secure Access Control System and Cisco Identity Services Engine exhibit inadequate access control mechanisms for support bundles. This shortcoming allows remote authenticated users to exploit the system through brute-force attacks, potentially leading to unauthorized access to sensitive information. The vulnerabilities, identified by Bug IDs CSCue00833 and CSCub40331, highlight the importance of securing user access to prevent data breaches. Users are encouraged to update their systems to the latest versions to mitigate this risk.

References

http://www.securitytracker.com/id/1032713

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/75379

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 24, 2015
Vulnerability Reserved
Jun 4, 2015