CVE-2015-0757: Infoleak
First published: Fri May 29 2015(Updated: )
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | =1.2\(1.901\) | |
| Cisco Identity Services Engine | =1.3\(0.722\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0757?
CVE-2015-0757 is considered a moderate severity vulnerability due to the potential for sensitive information exposure.
How do I fix CVE-2015-0757?
To fix CVE-2015-0757, updates to the Cisco Identity Services Engine software are required, specifically upgrading to a non-vulnerable version.
What versions of Cisco Identity Services Engine are affected by CVE-2015-0757?
CVE-2015-0757 affects Cisco Identity Services Engine version 1.2(1.901) and version 1.3(0.722).
Can CVE-2015-0757 lead to unauthorized access?
While CVE-2015-0757 does not directly allow unauthorized access, it can expose sensitive information that could aid attackers.
What type of information can be exposed due to CVE-2015-0757?
CVE-2015-0757 can allow remote attackers to obtain sensitive information by reading web reports generated by the system.
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine
- version/cisco identity services engine/1.2\(1.901\)
- version/cisco identity services engine/1.3\(0.722\)