CVE-2015-4267

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.

Published: Jul 15, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4267
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine_software	2.0(0.147)	2.0(0.147).x
cisco / identity_services_engine_software	1.2(0.793)	1.2(0.793).x
cisco / identity_services_engine_software	1.3(0.876)	1.3(0.876).x
cisco / identity_services_engine_software	2.0(0.169)	2.0(0.169).x
cisco / identity_services_engine_software	1.4(0.876)	1.4(0.876).x
cisco / identity_services_engine_software	1.4(0.181)	1.4(0.181).x

http://tools.cisco.com/security/center/viewAlert.x?alertId=39872
http://www.securitytracker.com/id/1032929

Vulnerability Database

289,782

CVE-2015-4267