CVE-2019-15255

MEDIUM

Cisco Identity Services Engine - Authenticated Authorization Bypass via URL Sanitization Issue

Title source: llm
STIX 2.1

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information.

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0111
EPSS Percentile 61.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (2)
cisco/identity_services_engine 2.2
cisco/identity_services_engine 2.2\(0.470\)
Published Jan 26, 2020
Tracked Since Feb 18, 2026