CVE-2019-15282

CWE-306Missing Authentication4 documents4 sources
Severity
5.3MEDIUM
EPSS
1.1%
top 22.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Identity Services Engine SoftwareCisco Identity Services Engine Software
Timeline
PublishedOct 16
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular nam

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco/cisco_identity_services_engine_softwareunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-gh78-6hq3-f87p: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker2022-05-24
CVEList
Cisco Identity Services Engine Information Disclosure Vulnerability2019-10-16

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Information Disclosure Vulnerability2019-10-16
CVE-2019-15282 (MEDIUM CVSS 5.3) | A vulnerability in the web-based ma | cvebase.io