CVE-2015-4219

Summary

CVE	CVE-2015-4219
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-06-24 10:59:00 UTC
Updated	2016-12-29 13:19:00 UTC
Description	Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.

Risk And Classification

Problem Types: CWE-264 | CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Identity Services Engine Software	1.0.4.573	All	All	All
Application	Cisco	Identity Services Engine Software	1.0.4.573	All	All	All
Application	Cisco	Secure Access Control System	5.3.0.40.5	All	All	All
Application	Cisco	Secure Access Control System	5.3.0.40.5	All	All	All
Application	Cisco	Secure Access Control System	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Identity Services Engine Access Control Flaw Lets Remote Authenticated Users Access Data - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability	CISCO	tools.cisco.com	Vendor Advisory
Cisco Secure Access Control Server Access Control Flaw Lets Remote Authenticated Users Access Data - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Malformed Request	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.