目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2019-1851— Cisco Identity Services Engine 授权问题漏洞

EPSS 0.12% · P30
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-1851の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect implementation of role-based access control (RBAC). An attacker could exploit this vulnerability by crafting a specific HTTP request with administrative credentials. A successful exploit could allow the attacker to generate a certificate that is signed and trusted by the ISE CA with arbitrary attributes. The attacker could use this certificate to access other networks or assets that are protected by certificate authentication.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
授权机制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Identity Services Engine 授权问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Identity Services Engine(ISE)是美国思科(Cisco)公司的一款基于身份的环境感知平台(ISE身份服务引擎)。该平台通过收集网络、用户和设备中的实时信息,制定并实施相应策略来监管网络。 Cisco ISE中的External RESTful Services (ERS) API存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
CiscoCisco Identity Services Engine Software unspecified ~ n/a -

II. CVE-2019-1851の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-1851のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Cisco · 2019-05-16 · 18 CVEs total

CVE-2019-1832Cisco Firepower Threat Defense Software Detection Engine Policy Bypass Vulnerability
CVE-2019-1825Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerab
CVE-2019-1824Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL Injection Vulnerab
CVE-2019-1823Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution
CVE-2019-1822Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution
CVE-2019-1821Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution
CVE-2019-1820Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera
CVE-2019-1819Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera
CVE-2019-1818Cisco Prime Infrastructure and Evolved Programmable Network Manager Path Traversal Vulnera
CVE-2019-1780Cisco FXOS and NX-OS Software Command Injection Vulnerability
CVE-2019-1860Cisco Unified Intelligence Center Remote File Injection Vulnerability
CVE-2019-1858Cisco FXOS and NX-OS Software Simple Network Management Protocol Denial of Service Vulnera
CVE-2019-1853Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
CVE-2019-1849Cisco IOS XR Software BGP MPLS-Based EVPN Denial of Service Vulnerability
CVE-2019-1846Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers MPLS OAM Deni
CVE-2019-1833Cisco Firepower Threat Defense Software SSL/TLS Policy Bypass Vulnerability
CVE-2019-1768Cisco NX-OS Software Buffer Overflow and Command Injection Vulnerability

IV. 関連脆弱性

同じ製品: Cisco Identity Services Engine Software
同じベンダー: Cisco
同じ弱点: CWE-285

V. CVE-2019-1851へのコメント

まだコメントはありません

コメントを残す