CVE-2021-34702Sensitive Information Exposure in Cisco Identity Services Engine

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 62.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedOct 6
Latest updateMay 24

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/identity_services_engine2.2.02.6.0+3

🔴Vulnerability Details

2
GHSA
GHSA-qm99-4xg5-569f: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain2022-05-24
CVEList
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2021-10-06

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2021-10-06
CVE-2021-34702 — Sensitive Information Exposure | cvebase