CVE-2018-0187 — Sensitive Information Exposure in Cisco Identity Services Engine Software

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Identity Services Engine Software Cisco Identity Services Engine

Timeline

PublishedJan 23

Latest updateMay 13

Description

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to im…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/identity_services_engine2.4\(0.901.1\), 2.4\(0.901\)+1

▶CVEListV5cisco/cisco_identity_services_engine_softwaren/a

🔴Vulnerability Details

GHSA

GHSA-jj77-9jr7-4mpq: A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential infor↗2022-05-13

▶

CVEList

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability↗2019-01-23

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability↗2019-01-23

▶