CVE-2019-15282

MEDIUM

Cisco Identity Services Engine Software - Unauthenticated Information Disclosure via Web Interface

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis

Scores

CVSS v3 5.3

EPSS 0.0122

EPSS Percentile 64.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

cisco/identity_services_engine_software 2.4\(0.357\) (10 CPE variants)

cisco/identity_services_engine_software < 2.4\(0.357\)

Published Oct 16, 2019

Tracked Since Feb 18, 2026