Vulnerability Details : CVE-2011-3290
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
Products affected by CVE-2011-3290
- cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3290
1.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3290
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-3290
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3290
-
http://www.securityfocus.com/bid/49703
Cisco Identity Services Engine Database Default Credentials Security Bypass Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69945
Cisco Identity Services Engine default credentials CVE-2011-3290 Vulnerability Report
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml
Cisco Identity Services Engine Database Default Credentials Vulnerability - CiscoVendor Advisory
-
http://www.securitytracker.com/id?1026075
Cisco Identity Services Engine Default Credentials Let Remote Users Gain Administrative Access - SecurityTracker
Jump to