Cisco ISE Vulnerability Allows Attacker to Obtain Sensitive Information

CVE-2024-20466

6.5MEDIUM

Key Information

Vendor: Cisco
Status: Cisco Identity Services Engine Software
Vendor: CVE Published:; 21 August 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Affected Version(s)

Cisco Identity Services Engine Software = 2.7.0

Cisco Identity Services Engine Software = 2.7.0 p1

Cisco Identity Services Engine Software = 2.7.0 p2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 21, 2024
Vulnerability Reserved.
Nov 8, 2023
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database