An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. Cisco Bug IDs: CSCvb10995.
Cisco - videoscape_distribution_suite_for_television
A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance running Release 1.3, 1.4, 2.0.0, 2.0.1, or 2.1.0. This vulnerability does not affect endpoints authenticating to the ISE. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. Patch information is provided when available. This information may include identifying information, values, definitions, and related links.
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT.
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
The division of high, medium, and low severities corresponds to the following scores: The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week.