First published: Wed Jan 15 2014(Updated: )
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Identity Services Engine Software |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.