CVE-2015-4219

CVE Database · CVE-2015-4219

CVE-2015-4219

· N/AModified

CVSS v3.1

N/A

EPSS

2.06%

Published

Jun 24, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.

Weaknesses (CWE)

CWE-200CWE-264

Affected Products (3)

cisco · identity_services_engine_softwarevulnerable

cisco · secure_access_control_systemvulnerable

References (8)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39501

Vendor Advisory

http://www.securityfocus.com/bid/75379

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032713

Third Party AdvisoryVDB Entry