VDB

CVE-2018-15459

CVE-2018-15459 PUBLISHED CVSS 7.199999809265137 HIGH

A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the attacker to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account.

EPSS 0.14% · 33.9th percentile

Risk Scores

CVSS 3.0
7.199999809265137
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.14%
33.9th percentile

Affected Products

VendorProductVersions
ciscoidentity_services_engine2.3\(0.298\), 2.5\(0.1\), 2.3\(0.298\)
CiscoCisco Small Business RV Series Router Firmwaren/a

Timeline

  • Jan 23, 2019 CVE Published
  • Jan 24, 2019 PoC Published
  • Jan 25, 2019 PoC Published
  • Jan 28, 2019 PoC Published
  • Mar 28, 2019 PoC Published
  • Apr 3, 2019 PoC Published
  • Apr 20, 2020 PoC Published
  • Apr 20, 2020 PoC Published
  • Oct 9, 2020 PoC Published
  • Oct 9, 2020 PoC Published
  • Oct 15, 2020 PoC Published
  • Oct 16, 2020 PoC Published

References

…and 2 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›