VDB
CVE-2018-0275
CVE-2018-0275
PUBLISHED
CVSS 6.699999809265137 MEDIUM
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. Cisco Bug IDs: CSCvf54409.
EPSS 0.07% · 21.4th percentile
Risk Scores
CVSS 3.0
6.699999809265137
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.07%
21.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | Cisco Identity Services Engine | Cisco Identity Services Engine |
| cisco | identity_services_engine | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2018-0275 (circl-sighting)
- 1040717 (circl)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise (circl)
Timeline
- Apr 18, 2018 CVE Published
- Dec 31, 2018 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score