CVE-2018-15459
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account.
EPSS 0.14% · 33.9th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | identity_services_engine | 2.3\(0.298\), 2.5\(0.1\), 2.3\(0.298\) |
| Cisco | Cisco Small Business RV Series Router Firmware | n/a |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1652 (circl)
- 20190123 Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability (circl)
- 46243 (circl)
- 106728 (circl)
- 20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval (circl)
- 20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval (circl)
- http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html (circl)
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html (circl)
- 46655 (circl)
- CIRCL exploited: CVE-2019-1652 (circl-sighting)
…and 17 more exploits
Timeline
- Jan 23, 2019 CVE Published
- Jan 24, 2019 PoC Published
- Jan 25, 2019 PoC Published
- Jan 28, 2019 PoC Published
- Mar 28, 2019 PoC Published
- Apr 3, 2019 PoC Published
- Apr 20, 2020 PoC Published
- Apr 20, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Oct 9, 2020 PoC Published
- Oct 15, 2020 PoC Published
- Oct 16, 2020 PoC Published
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-privilege advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-teams advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-unaccess advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-sol-escal advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-iot-fnd-dos advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-webex-rce advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-escal advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-15459 advisory
- http://www.securityfocus.com/bid/106707 url
- 46243 exploit
- 106728 vdb
- 20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval mailing-list
- 20190327 [RT-SA-2019-005] Cisco RV320 Command Injection Retrieval mailing-list
- http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.html url
- http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-Remote-Code-Execution.html url
…and 2 more