Cisco Identity Services Engine CVE-2018-15459 Privilege Escalation Vulnerability

Bugtraq ID:	106707
Class:	Design Error
CVE:	CVE-2018-15459
Remote:	Yes
Local:	No
Published:	Jan 23 2019 12:00AM
Updated:	Jan 23 2019 12:00AM
Credit:	Cisco
Vulnerable:	Cisco Identity Services Engine (ISE) 2.2.1 Cisco Identity Services Engine (ISE) 0 Cisco Identity Services Engine 2.3 + Cisco Unity Server 4.0 + Cisco Unity Server 3.3 + Cisco Unity Server 3.2 + Cisco Unity Server 3.1 + Cisco Unity Server 3.0 + Cisco Unity Server 2.46 + Cisco Unity Server 2.4 + Cisco Unity Server 2.3 + Cisco Unity Server 2.2 + Cisco Unity Server 2.1 + Cisco Unity Server 2.0 + Cisco Unity Server Cisco Identity Services Engine 2.4 Cisco Identity Services Engine 2.3.0.298 Cisco Identity Services Engine 2.2.0 patch 2 Cisco Identity Services Engine 2.2.0
Not Vulnerable:	Cisco Identity Services Engine 2.2.1 Patch 1 Cisco Identity Services Engine 2.2 Patch 10 Cisco Identity Services Engine 2.4 Patch 2 Cisco Identity Services Engine 2.3 Patch 5

Cisco Identity Services Engine CVE-2018-15459 Privilege Escalation Vulnerability

Cisco Identity Services Engine is prone to a privilege-escalation vulnerability.

A remote attacker can exploit this issue to gain elevated privileges on an affected device.

This issue is being tracked by Cisco Bug ID CSCvi44041.

Cisco Identity Services Engine CVE-2018-15459 Privilege Escalation Vulnerability

Attackers can use standard, readily available tools to exploit this issue.

Cisco Identity Services Engine CVE-2018-15459 Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco Identity Services Engine CVE-2018-15459 Privilege Escalation Vulnerability

References:

• Cisco Homepage (Cisco )
  
• Cisco Identity Services Engine Homepage (Cisco)
  
• Cisco Identity Services Engine Privilege Escalation Vulnerability (Cisco)