Cisco ISE Vulnerability Could Allow Attacker to Recover Service Account Passwords
CVE-2020-3525
Key Information:
- Vendor: Cisco
- CVE Published: 18 November 2024
Summary
A security issue exists in the Admin portal of Cisco Identity Services Engine that may enable an authenticated remote attacker to retrieve service account passwords stored in the system. This vulnerability arises from improper handling of saved passwords when accessing configuration pages within the Admin portal. An attacker with either read or write access could exploit this flaw by navigating to a page containing sensitive information. Successful exploitation may lead to the unauthorized disclosure of passwords, thereby increasing the risk of further attacks on affected accounts. Cisco has made software updates available to rectify this issue, and no effective workarounds are currently available.
Affected Version(s)
Cisco Identity Services Engine Software