CVE-2021-34702

Published: Oct 6, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Affected (20)

Products: Cisco: Identity Services Engine

Cisco

1 product

Identity Services Engine

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine	From 2.2.0 to 2.6.0
Cisco Identity Services Engine	Version 2.6.0
Cisco Identity Services Engine	Version 2.6.0 patch10
Cisco Identity Services Engine	Version 2.6.0 patch1
Cisco Identity Services Engine	Version 2.6.0 patch2
Cisco Identity Services Engine	Version 2.6.0 patch3
Cisco Identity Services Engine	Version 2.6.0 patch5
Cisco Identity Services Engine	Version 2.6.0 patch6
Cisco Identity Services Engine	Version 2.6.0 patch7
Cisco Identity Services Engine	Version 2.6.0 patch8
Cisco Identity Services Engine	Version 2.6.0 patch9
Cisco Identity Services Engine	Version 2.7.0
Cisco Identity Services Engine	Version 2.7.0 patch1
Cisco Identity Services Engine	Version 2.7.0 patch2
Cisco Identity Services Engine	Version 2.7.0 patch3
Cisco Identity Services Engine	Version 2.7.0 patch4
Cisco Identity Services Engine	Version 3.0.0
Cisco Identity Services Engine	Version 3.0.0 patch1
Cisco Identity Services Engine	Version 3.0.0 patch2
Cisco Identity Services Engine	Version 3.0.0 patch3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.