BID:104212

Cisco Identity Services Engine CVE-2018-0277 Denial of Service Vulnerability

CVE-2018-277 |

Info

Cisco Identity Services Engine CVE-2018-0277 Denial of Service Vulnerability

Bugtraq ID:	104212
Class:	Design Error
CVE:	CVE-2018-0277
Remote:	Yes
Local:	No
Published:	May 16 2018 12:00AM
Updated:	May 16 2018 12:00AM
Credit:	Cisco
Vulnerable:	Cisco Identity Services Engine (ISE) Virtual Appliance 0 Cisco Identity Services Engine (ISE) Express 0 Cisco Identity Services Engine 2.3 + Cisco Unity Server 4.0 + Cisco Unity Server 3.3 + Cisco Unity Server 3.2 + Cisco Unity Server 3.1 + Cisco Unity Server 3.0 + Cisco Unity Server 2.46 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.1 + Cisco Unity Server 2.0 + Cisco Unity Server Cisco Identity Services Engine 1.2 899-2 Cisco Identity Services Engine 1.2 899 Cisco Identity Services Engine 1.1.4 218-7 Cisco Identity Services Engine 1.1.4 218-4 Cisco Identity Services Engine 1.1.4 218 Cisco Identity Services Engine 1.1.3 124-7 Cisco Identity Services Engine 1.1.3 124-4 Cisco Identity Services Engine 1.1.2 145-9 Cisco Identity Services Engine 1.1.2 145-10 Cisco Identity Services Engine 1.1.1 268-7 Cisco Identity Services Engine 1.1.1 268-6 Cisco Identity Services Engine 2.2.0 Cisco Identity Services Engine 2.1.0 Cisco Identity Services Engine 2.0.1 Cisco Identity Services Engine 2.0 Cisco Identity Services Engine 1.3 patch 2 Cisco Identity Services Engine 1.2(0.967) + Cisco Unity Server 4.0 + Cisco Unity Server 3.3 + Cisco Unity Server 3.2 + Cisco Unity Server 3.1 + Cisco Unity Server 3.0 + Cisco Unity Server 2.46 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.1 + Cisco Unity Server 2.0 + Cisco Unity Server Cisco Identity Services Engine 1.2 + Cisco Unity Server 4.0 + Cisco Unity Server 3.3 + Cisco Unity Server 3.2 + Cisco Unity Server 3.1 + Cisco Unity Server 3.0 + Cisco Unity Server 2.46 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.1 + Cisco Unity Server 2.0 + Cisco Unity Server Cisco Identity Services Engine 1.1 Patch 2 Cisco Identity Services Engine 1.0.4.MR2 + Cisco Unity Server 4.0 + Cisco Unity Server 3.3 + Cisco Unity Server 3.2 + Cisco Unity Server 3.1 + Cisco Unity Server 3.0 + Cisco Unity Server 2.46 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.1 + Cisco Unity Server 2.0 + Cisco Unity Server

Not Vulnerable:	Cisco Identity Services Engine 2.2.0.470-Patch5 Cisco Identity Services Engine 2.1.0 Patch7 Cisco Identity Services Engine 2.0.1.130-Patch5 Cisco Identity Services Engine 2.0.0.306-Patch6 Cisco Identity Services Engine 1.4.0.253-Patch12

Solution / Fix

Cisco Identity Services Engine CVE-2018-0277 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Cisco Identity Services Engine CVE-2018-0277 Denial of Service Vulnerability

References:

Cisco Homepage (Cisco )
Cisco Identity Services Engine EAP TLS Certificate DoS (Cisco)