ID de Prueba:	1.3.6.1.4.1.25623.1.0.105524
Categoría:	CISCO
Título:	Cisco Identity Services Engine Unauthorized Access Vulnerability (cisco-sa-20160113-ise2)
Resumen:	Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users.
Descripción:	Summary: Cisco Identity Services Engine versions prior to 2.0 contain a vulnerability that could allow a low-privileged authenticated, remote attacker to access specific web resources that are designed to be accessed only by higher-privileged administrative users. Vulnerability Insight: The vulnerability occurs because specific types of web resources are not correctly filtered for administrative users with different privileges. Vulnerability Impact: An attacker could exploit this vulnerability by authenticating at a low-privileged account and then accessing the web resources directly. An exploit could allow the attacker to access web pages that are reserved for higher-privileged administrative users. Solution: Cisco has released software updates that address these vulnerabilities. CVSS Score: 6.8 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6317 Cisco Security Advisory: 20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 http://www.securitytracker.com/id/1034767
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.