Cisco Bug: CSCur64400 - Sponsor portal vulnerability - sponsor priv elevation
Feb 25, 2018
- Cisco Identity Services Engine (ISE) 3300 Series Appliances
Known Affected Releases
Symptoms: A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain access to guest accounts created from another sponsor account. The vulnerability is due to a failure to restrict guest account access across sponsors. An attacker could exploit this vulnerability by manipulating an HTTP request prior to submission to the ISE portal. A successful attack could allow the attacker to modify or access the login and account details of a guest created by another sponsor.

Conditions: Cisco ISE devices running a version of software prior to release 1.3 and configured to perform guest access.
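
The class of flaw described above is a missing server-side ownership check. The following is an added example, not Cisco code: it contrasts a handler that trusts the guest identifier in the request with one that ties the guest to the sponsor bound to the authenticated session and records refused attempts for review. All names (SponsorPortal, GuestAccount, the sponsor and guest identifiers) are hypothetical and the sample data is constructed.

```python
# Added illustration: all names below are hypothetical, not Cisco ISE code or APIs.
from dataclasses import dataclass


@dataclass
class GuestAccount:
    guest_id: str
    created_by: str   # sponsor who created the account
    password: str


class SponsorPortal:
    def __init__(self, guests):
        self.guests = {g.guest_id: g for g in guests}
        self.denied = []  # (sponsor, guest_id) pairs kept for audit and alerting

    def update_password_unsafe(self, session_sponsor, guest_id, new_password):
        """Flawed: any authenticated sponsor may edit any guest id in the request."""
        guest = self.guests[guest_id]
        guest.password = new_password
        return 200

    def update_password(self, session_sponsor, guest_id, new_password):
        """Hardened: the guest must belong to the sponsor bound to the session."""
        guest = self.guests.get(guest_id)
        if guest is None or guest.created_by != session_sponsor:
            # Same status for "missing" and "not yours" so ids cannot be probed.
            self.denied.append((session_sponsor, guest_id))
            return 404
        guest.password = new_password
        return 200


def demo():
    # Constructed sample data: two sponsors, one guest each.
    def fresh():
        return SponsorPortal([
            GuestAccount("guest-1", "sponsor_a", "pw-a"),
            GuestAccount("guest-2", "sponsor_b", "pw-b"),
        ])
    weak, fixed = fresh(), fresh()
    # sponsor_a submits a request that names sponsor_b's guest.
    return {
        "unsafe_status": weak.update_password_unsafe("sponsor_a", "guest-2", "changed"),
        "unsafe_password": weak.guests["guest-2"].password,
        "fixed_status": fixed.update_password("sponsor_a", "guest-2", "changed"),
        "fixed_password": fixed.guests["guest-2"].password,
        "own_status": fixed.update_password("sponsor_a", "guest-1", "rotated"),
        "audit": fixed.denied,
    }
```

Entries accumulated in `denied` are the signal worth alerting on: a sponsor session repeatedly referencing guest identifiers it did not create.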