Cisco Identity Services Engine 支持包下载信息泄露漏洞
Cisco Identity Services Engine 支持包下载信息泄露漏洞
发布日期:2014-01-15
更新日期:2014-01-19
受影响系统:
Cisco Identity Services Engine
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 64939
CVE(CAN) ID: CVE-2014-0665
Cisco Identity Services Engine是集身份验证、授权和AAA、状态、设置文件和客户端管理为一体的访问控制解决方案。
Cisco Identity Services Engine (ISE)软件的RBAC没有正确验证支持包下载权限,可使经过身份验证的远程用户获取敏感信息。
<*来源:Cisco
链接:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(CVE-2014-0665)以及相应补丁:
CVE-2014-0665:Cisco ISE Unprivileged Support Bundle Download Vulnerability
链接:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665
评论暂时关闭