CVE-2016-1402 - OpenCVE

The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Identity Services Engine Identity Services Engine Software

Configuration 1 [-]

AND

cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p1::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p2::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p3::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p4::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p5::::::
	cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p6::::::

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise
http://www.securitytracker.com/id/1035946

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2016-05-21T01:00:00

Updated: 2024-08-05T22:55:14.261Z

Reserved: 2016-01-04T00:00:00

Link: CVE-2016-1402

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-05-21T01:59:01.520

Modified: 2016-12-01T03:05:33.603

Link: CVE-2016-1402

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T16:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1035946", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035946"}, {"name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1402", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035946", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035946"}, {"name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.261Z"}, "title": "CVE Program Container", "references": [{"name": "1035946", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035946"}, {"name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1402", "datePublished": "2016-05-21T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.261Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p1:*:*:*:*:*:*", "matchCriteriaId": "033CAAE3-9F6D-4077-80F8-C3FC4821DC31", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p2:*:*:*:*:*:*", "matchCriteriaId": "4DE94874-135D-4B99-BCB0-320003FFD42B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p3:*:*:*:*:*:*", "matchCriteriaId": "E6A1503D-49EC-4B45-9F82-3EE3D3FD1AF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p4:*:*:*:*:*:*", "matchCriteriaId": "71F02403-8202-4E23-994E-6199FC22E691", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p5:*:*:*:*:*:*", "matchCriteriaId": "C7FF4E32-8DCE-4354-B850-94B26CF034A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p6:*:*:*:*:*:*", "matchCriteriaId": "ACF42F3D-F22D-40A6-B130-9BC1721900CF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."}, {"lang": "es", "value": "El componente de integraci\u00f3n Active Directory (AD) en Cisco Identity Service Engine (ISE) en versiones anteriores a 1.2.0.899 patch 7, cuando se habilita la autorizaci\u00f3n para miembros del grupo AD, permite a atacantes remotos provocar una denegaci\u00f3n del servicio (fallo de autenticaci\u00f3n) a trav\u00e9s de una solicitud de autenticaci\u00f3n Password Authentication Protocol (PAP) manipulada, tambi\u00e9n conocido como Bug ID CSCun25815."}], "id": "CVE-2016-1402", "lastModified": "2016-12-01T03:05:33.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-21T01:59:01.520", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1035946"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}