Cisco Bug: CSCuj23709 - enumerate 3rd party s/w version+WSDL w/ unauthenticated HTTPS session
Jun 07, 2016
- Cisco Identity Services Engine
Known Affected Releases
Symptom:
1. The version of one third-party software component can be retrieved without authenticating, using https://ISE-hostname/admin/services/Version?method=getVersion
2. The WSDL for some services can be retrieved without authenticating:
- https://ISE-hostname/admin/services/AdminDistributionService?wsdl
- https://ISE-hostname/admin/services/AdminTypeLessEntityService?wsdl
- https://ISE-hostname/admin/services/AdminMappingService?wsdl

Conditions: Any web browser with HTTPS support and network access to the ISE Administration web application can issue these requests without having any administrative privileges.
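The following is an added example, not part of the Cisco bug page: a log review check that finds served requests matching the two symptoms above. It assumes access logs in common log format whose third field holds the authenticated user ("-" when none); the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

PREFIX = "/admin/services/"
# Services named in the bug report whose WSDL was served without authentication.
WSDL_SERVICES = {"AdminDistributionService", "AdminTypeLessEntityService",
                 "AdminMappingService"}
# Assumed layout: common log format (host ident user [time] "request" status size).
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(target):
    """Return 'version', 'wsdl' or None for a request target."""
    parts = urlsplit(target)
    if not parts.path.startswith(PREFIX):
        return None
    service = parts.path[len(PREFIX):].strip("/")
    # keep_blank_values so a bare "?wsdl" still appears as a key.
    query = parse_qs(parts.query, keep_blank_values=True)
    if service == "Version" and "getVersion" in query.get("method", []):
        return "version"
    if service in WSDL_SERVICES and any(k.lower() == "wsdl" for k in query):
        return "wsdl"
    return None

def find_disclosures(lines):
    """List (source, kind, target) for requests served with no logged user."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skipped, not treated as a hit
        kind = classify(m["target"])
        # Assumption: "-" in the user field means no authenticated user.
        if kind and m["user"] == "-" and m["status"] == "200":
            hits.append((m["src"], kind, m["target"]))
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '198.51.100.7 - - [07/Jun/2016:10:00:01 +0000] "GET /admin/services/Version?method=getVersion HTTP/1.1" 200 312',
    '198.51.100.7 - - [07/Jun/2016:10:00:02 +0000] "GET /admin/services/AdminMappingService?wsdl HTTP/1.1" 200 9120',
    '192.0.2.10 - admin [07/Jun/2016:10:05:00 +0000] "GET /admin/services/AdminDistributionService?wsdl HTTP/1.1" 200 8801',
    '198.51.100.7 - - [07/Jun/2016:10:06:00 +0000] "GET /admin/services/AdminTypeLessEntityService?wsdl HTTP/1.1" 302 0',
    '192.0.2.44 - - [07/Jun/2016:10:07:00 +0000] "GET /admin/login.jsp HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for src, kind, target in find_disclosures(SAMPLE):
        print(src, kind, target)
```

Only responses with status 200 are counted, so a request that was redirected to the login page is not reported.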