Cisco Bug: CSCur64400 - Sponsor portal vulnerability - sponsor priv elevation

Last Modified

Feb 25, 2018

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.2(0.899) 1.2(1.905)

Description (partial)

Symptoms:
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain access to guest accounts created from another sponsor account.

The vulnerability is due to a failure to restrict access to guest accounts across sponsors. An attacker could exploit this vulnerability by manipulating an HTTP request prior to submission to the ISE portal. A successful attack could allow the attacker to modify or access the login and account details of a guest created by another sponsor.

Conditions:
Cisco ISE devices running a version of software prior to release 1.3 and configured to perform guest access.