Input validation

2021-10-0620:15:00

PRIOn knowledge base

www.prio-n.com

4.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.7%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

CPENameOperatorVersion
identity_services_engineeq2.6.0 patch1
identity_services_engineeq2.6.0 patch2
identity_services_engineeq2.6.0 patch3
identity_services_engineeq2.6.0 patch6
identity_services_engineeq2.6.0 patch5
identity_services_engineeq2.6.0
identity_services_engineeq2.6.0 patch7
identity_services_engineeq2.7.0 patch2
identity_services_engineeq3.0.0
identity_services_engineeq3.0.0 patch1

Name	Operator	Version
identity_services_engine	eq	2.6.0 patch1
identity_services_engine	eq	2.6.0 patch2
identity_services_engine	eq	2.6.0 patch3
identity_services_engine	eq	2.6.0 patch6
identity_services_engine	eq	2.6.0 patch5
identity_services_engine	eq	2.6.0
identity_services_engine	eq	2.6.0 patch7
identity_services_engine	eq	2.7.0 patch2
identity_services_engine	eq	3.0.0
identity_services_engine	eq	3.0.0 patch1