[<prev] [next>] [day] [month] [year] [list]
Message-id: <201310231213.10.ise@psirt.cisco.com>
Date: Wed, 23 Oct 2013 12:13:50 -0400
From: Cisco Systems Product Security Incident Response Team <psirt@...co.com>
To: full-disclosure@...ts.grok.org.uk
Cc: psirt@...co.com
Subject: Cisco Security Advisory: Multiple Vulnerabilities
in Cisco Identity Services Engine
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco Identity Services Engine
Advisory ID: cisco-sa-20131023-ise
Revision 1.0
For Public Release 2013 October 23 16:00 UTC (GMT)
======================================================================
Summary
- -------
Cisco Identity Services Engine (ISE) contains the following vulnerabilities:
Cisco ISE Authenticated Arbitrary Command Execution Vulnerability
Cisco ISE Support Information Download Authentication Bypass Vulnerability
These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the other.
Successful exploitation of Cisco ISE Authenticated Arbitrary Command Execution Vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system.
Successful exploitation of Cisco ISE Support Information Download Authentication Bypass Vulnerability could allow an attacker to obtain sensitive information including administrative credentials.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise
Note: Cisco ISE Software is also affected by the Apache Struts Command Execution Vulnerability described in a separate Cisco Security Advisory available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
Cisco ISE customers should consult that advisory before making decision on the upgrade path.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAlJn58YACgkQUddfH3/BbTrONAD9H9SWav6ti4+8q/Ps58twqJ7m
gkTHHTe6/MdgE1K62ZIA/2+7TGX4/3liKP6YSwZsyUVMB0YN5UmnTNwRR8OL06aX
=iYhW
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists