Release date:
Updated on:
Affected Systems:
Cisco Identity Services Engine
Description:
--------------------------------------------------------------------------------
Bugtraq id: 64939
CVE (CAN) ID: CVE-2014-0665
Cisco Identity Services Engine is an access control solution that integrates authentication, authorization, AAA, status, setting files, and client management.
RBAC of Cisco Identity Services Engine (ISE) software does not correctly verify the support package download permission, allowing authenticated remote users to obtain sensitive information.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (CVE-2014-0665) and patches for this:
CVE-2014-0665: Cisco ISE Unprivileged Support Bundle Download Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665