Design/Logic Flaw

2022-06-1518:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.9%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.

CPENameOperatorVersion
identity_services_engineeq2.4.0.357
identity_services_engineeq2.4.0.357 patch1
identity_services_engineeq2.4.0.357 patch2
identity_services_engineeq2.4.0.357 patch3
identity_services_engineeq2.4.0.357 patch4
identity_services_engineeq2.4.0.357 patch5
identity_services_engineeq2.4.0.357 patch6
identity_services_engineeq2.4.0.357 patch7
identity_services_engineeq2.4.0.357 patch8
identity_services_engineeq2.4.0.357 patch9

Name	Operator	Version
identity_services_engine	eq	2.4.0.357
identity_services_engine	eq	2.4.0.357 patch1
identity_services_engine	eq	2.4.0.357 patch2
identity_services_engine	eq	2.4.0.357 patch3
identity_services_engine	eq	2.4.0.357 patch4
identity_services_engine	eq	2.4.0.357 patch5
identity_services_engine	eq	2.4.0.357 patch6
identity_services_engine	eq	2.4.0.357 patch7
identity_services_engine	eq	2.4.0.357 patch8
identity_services_engine	eq	2.4.0.357 patch9