CVE-2024-20466Incorrect Privilege Assignment in Cisco Identity Services Engine

CWE-266Incorrect Privilege AssignmentCWE-863Incorrect Authorization4 documents4 sources
Severity
4.9MEDIUMNVD
CNA6.5
EPSS
0.2%
top 61.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedAug 21

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sens

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/identity_services_engine2.7.03.1+3

🔴Vulnerability Details

2
GHSA
GHSA-682f-6p39-r4r2: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain2024-08-21
CVEList
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2024-08-21

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability2024-08-21
CVE-2024-20466 — Incorrect Privilege Assignment | cvebase