CVE-2017-12316

Summary

CVE	CVE-2017-12316
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-11-16 07:29:00 UTC
Updated	2019-10-09 23:22:00 UTC
Description	A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.

Risk And Classification

Problem Types: CWE-307

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Identity Services Engine Software	2.1(0.229)	All	All	All
Application	Cisco	Identity Services Engine Software	2.1\(0.229\)	All	All	All
Application	Cisco	Identity Services Engine Software	2.1\(0.229\)	All	All	All

References

Reference	Source	Link	Tags
Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability	CONFIRM	tools.cisco.com	Vendor Advisory
Cisco Identity Services Engine CVE-2017-12316 Brute Force Authentication Bypass Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Cisco Identity Services Engine Guest Portal Login Page Lets Remote Users Bypass Security Restrictions on the Target System - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.