In association with heise online

« previous | next »
21 September 2011, 16:31

Cisco warns of vulnerability in its Identity Services Engine

Cisco Logo Cisco is warning users of a critical vulnerability (CVE-2011-3290) in its Identity Services Engine (ISE). In its security advisory, the company says that the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction.

Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected.

The company says that it will release a free update to the software to address the vulnerability on 30 September 2011; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center.

See also:

(crve)

Add your comment

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-1347301

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Crucial m4 SSD 128GB
  7. Gigabyte GeForce GTX 670 OC
  8. Diablo 3 (deutsch)
  9. Palit GeForce GTX 670
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit