VAR-201508-0093
Vulnerability from variot - Updated: 2025-04-12 23:30The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. Vendors have confirmed this vulnerability Bug ID CSCuo78045 It is released as.A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuo78045. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "identity services engine software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2\\(0.899\\)"
},
{
"model": "identity services engine software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2 .0.899 patch 14"
},
{
"model": "identity services engine software patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.0.89914"
}
],
"sources": [
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:identity_services_engine_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "76494"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6266",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84227",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6266",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6266",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84227",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. Vendors have confirmed this vulnerability Bug ID CSCuo78045 It is released as.A third party can retrieve important information from a customized document through a direct request. Cisco Identity Services Engine Software is prone to an unauthorized-access vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCuo78045. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. There is a security vulnerability in the guest portal of Cisco ISE 3300 version 1.2(0.899). A remote attacker could exploit this vulnerability by sending direct requests to obtain sensitive information in custom files",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6266"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "VULHUB",
"id": "VHN-84227"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6266",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1033405",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560",
"trust": 0.7
},
{
"db": "BID",
"id": "76494",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84227",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"id": "VAR-201508-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-12T23:30:41.346000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "40691",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40691"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033405"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6266"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6266"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/c/en/us/products/security/identity-services-engine/index.html?referring_site=smartnavrd"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84227"
},
{
"db": "BID",
"id": "76494"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-84227"
},
{
"date": "2015-08-27T00:00:00",
"db": "BID",
"id": "76494"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"date": "2015-08-28T15:59:01.297000",
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-84227"
},
{
"date": "2015-08-27T00:00:00",
"db": "BID",
"id": "76494"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004506"
},
{
"date": "2015-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-560"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Identity Services Engine 3300 Vulnerability to retrieve important information from customized documents in the guest portal of the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004506"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-560"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…