Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.
CVSS Information
N/A
Vulnerability Type
配置
Vulnerability Title
Cisco Identity Services Engine 配置错误漏洞
Vulnerability Description
Cisco Identity Services Engine(ISE)是美国思科(Cisco)公司的一款基于身份的环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco ISE 2.2.0.470之前版本中的support tunnel功能存在配置错误漏洞,该漏洞源于程序没有正确的配置support tunnel功能。本地攻击者可通过诱使设备解锁support用户账户并访问通道密码和设备系列号利用该漏洞以root权限运行任意系统命令。
CVSS Information
N/A
Vulnerability Type
N/A