CVE-2022-20819Incorrect Privilege Assignment in Cisco Identity Services Engine

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedJun 15
Latest updateJun 16

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A succe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/identity_services_engine2.6.2.6.0.156+4

🔴Vulnerability Details

2
GHSA
GHSA-4rwg-53cx-5g82: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain2022-06-16
CVEList
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2022-06-15

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2022-06-15
CVE-2022-20819 — Incorrect Privilege Assignment | cvebase