Cisco ISE Vulnerability Exposes Sensitive Information
CVE-2024-20515
Key Information
- Vendor
- Cisco
- Status
- Cisco Identity Services Engine Software
- Vendor
- CVE Published:
- 2 October 2024
Badges
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.
This vulnerability is due to a lack of proper data protection mechanisms for certain configuration settings. An attacker with Read-Only Administrator privileges could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to view device credentials that are normally not visible to Read-Only Administrators.
Affected Version(s)
Cisco Identity Services Engine Software = 3.0.0
Cisco Identity Services Engine Software = 3.0.0 p1
Cisco Identity Services Engine Software = 3.0.0 p2
Refferences
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved