CVE-2014-8017

Published: Dec 22, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

Affected (1)

Products: Cisco: Identity Services Engine Software

Cisco

1 product

Identity Services Engine Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71767

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031425

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/71767

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031425

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.