CVE-2014-0665
Severity Score
4.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
La implementación de RBAC en Cisco Identity Services Engine (ISE) de software no comprueba correctamente los privilegios para las descargas de soporte-bundle, lo que permite a usuarios remotos autenticados obtener información sensible a través de una acción de descarga, como se ha demostrado mediante la obtención de acceso de lectura a la base de datos de usuario, también conocido como Bug ID CSCul83904.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-01-02 CVE Reserved
- 2014-01-15 CVE Published
- 2023-08-28 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/102118 | Vdb Entry | |
| http://secunia.com/advisories/56439 | Third Party Advisory | |
| http://www.securityfocus.com/bid/64939 | Third Party Advisory | |
| http://www.securitytracker.com/id/1029624 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/90463 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665 | 2017-08-29 | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=32448 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Identity Services Engine Software Search vendor "Cisco" for product "Identity Services Engine Software" | - | - |
Affected
| ||||||