CVE-2018-15456

MEDIUM

Cisco Identity Services Engine - Information Disclosure

Title source: rule

Description

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106512

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-passwd

Scores

CVSS v3 4.3

EPSS 0.0014

EPSS Percentile 34.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (4)

cisco/identity_services_engine

Timeline

Published Jan 10, 2019

Tracked Since Feb 18, 2026