Cisco ISE Vulnerability Exposes Sensitive Information

CVE-2024-20515

6.5 MEDIUM

Key Information

Vendor
Cisco
Status
Cisco Identity Services Engine Software
CVE Published: 2 October 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.

This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.

Affected Version(s)

Cisco Identity Services Engine Software = 3.0.0

Cisco Identity Services Engine Software = 3.0.0 p1

Cisco Identity Services Engine Software = 3.0.0 p2

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database