CVE

Id
68074  
CVE No.
CVE-2014-0665  
Status
Candidate  
Description
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.  
Phase
Assigned (20140102)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
657301 68074 CVE-2014-0665 CONFIRM:http://tools.cisco.com/security/center/viewAlert.x?alertId=32448  View
657302 68074 CVE-2014-0665 CISCO:20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability  View
657303 68074 CVE-2014-0665 URL:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665  View
657304 68074 CVE-2014-0665 BID:64939  View
657305 68074 CVE-2014-0665 URL:http://www.securityfocus.com/bid/64939  View
657306 68074 CVE-2014-0665 OSVDB:102118  View
657307 68074 CVE-2014-0665 URL:http://osvdb.org/102118  View
657308 68074 CVE-2014-0665 SECTRACK:1029624  View
657309 68074 CVE-2014-0665 URL:http://www.securitytracker.com/id/1029624  View
657310 68074 CVE-2014-0665 SECUNIA:56439  View
657311 68074 CVE-2014-0665 URL:http://secunia.com/advisories/56439  View
657312 68074 CVE-2014-0665 XF:cisco-ise-cve2040665-unsuth-access(90463)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
12379 JVNDB-2014-001254 Cisco Video Surveillance 5000 HD IP Dome カメラの Web インターフェースにおけるクロスサイトスクリプティングの脆弱性 Cisco Video Surveillance 5000 HD IP Dome カメラの Web インターフェースには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-0673 68074 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001254.html  View