Denial of Service Vulnerability in Cisco Identity Services Engine
CVE-2016-9198

7.5HIGH

Key Information:

Vendor
Cisco
Status
Cisco Identity Services Engine (ise)
Vendor
CVE Published:
14 December 2016

Summary

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) permits an unauthenticated remote attacker to execute a denial of service (DoS) attack. The flaw arises from improper handling of requests, which can lead to system instability or unavailability. The affected version is 1.2(1.199), exposing users to significant risks if not addressed.

Affected Version(s)

Cisco Identity Services Engine (ISE) Cisco Identity Services Engine (ISE)

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037415
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94810
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.