CVE-2022-20782Incorrect Privilege Assignment in Cisco Identity Services Engine Software

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services Engine SoftwareCisco Identity Services Engine
Timeline
PublishedApr 6
Latest updateApr 7

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensit

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-4hr3-24fp-m37h: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain2022-04-07
CVEList
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2022-04-06

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2022-04-06
CVE-2022-20782 — Incorrect Privilege Assignment | cvebase