BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Cisco Identity Services Engine Database Default Credentials Vulnerability

Disclosed September 20, 2011    Fully Patched

Vulnerability Description:

Cisco Identity Services Engine uses default credentials for its database. Remote attackers could supply these credentials to gain full administrative access to the device.

Vendors:

Cisco

Vulnerable Software/Devices:

Cisco Identity Services Engine (ISE)

Vulnerability Severity:

High

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution
Remote Administrative Device Access Remote attackers could supply default credentials to gain full administrative access to any affected device.

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
  • 15248 - Cisco Identity Services Engine Default Credentials (Zero-Day)

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None

Leave a Reply