In association with heise online

21 September 2011, 15:31

Cisco warns of vulnerability in its Identity Services Engine

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco Logo Cisco is warning users of a critical vulnerability (CVE-2011-3290) in its Identity Services Engine (ISE). In its security advisory, the company says that the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction.

Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected.

The company says that it will release a free update to the software to address the vulnerability on 30 September 2011; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit