Cisco Bug: CSCur41673 - ISE 1.2 - Unauthenticated Backup Password retrieval

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(1.198)

Description (partial)

Symptom:
A vulnerability in the periodic backup functionality of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to capture the password used to encrypt the backup.
The vulnerability is due to improper processing of a specific client request. An attacker could exploit this vulnerability by crafting a request designed to trigger the issue, causing the ISE to generate a reply that contains the backup password.

Conditions:
Cisco ISE devices running an affected version of ISE software and configured to perform periodic backups.

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
