Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments.

The vulnerability is due to improper masking of sensitive data in certain HTML comments. An attacker could exploit this vulnerability by navigating to certain configuration screens. An exploit could allow the attacker to discover sensitive data that should be restricted and could be used to conduct further attacks.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm”]