Cisco Identity Services Engine Database Default Credentials Vulnerability
Last Update Date:
22 Sep 2011 10:41
Release Date:
22 Sep 2011
6168
Views
RISK: Medium Risk
TYPE: Servers - Network Management
A vulnerability has been identified in Cisco Identity Services Engine, which can be exploited by malicious people to bypass certain security restrictions.
The security issue is caused due to the appliance including an undocumented database account with default credentials. This can be exploited to modify the configuration and settings of a device.
Impact
- Security Restriction Bypass
System / Technologies affected
- Cisco Identity Services Engine (ISE) versions prior to 1.0.4.MR2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 1.0.4.MR2 scheduled to be released on September 30, 2011.
http://www.cisco.com/warp/public/707/cisco-sa-20110920-ise.shtml
Vulnerability Identifier
Source
Related Link
Share with