CVE-2021-1412

MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Admin Portal

Title source: llm

Description

Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only administrator access to the Admin portal could exploit these vulnerabilities by browsing to one of the pages that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. For more information about these vulnerabilities, see the Details section of this advisory.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S

Scores

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 38.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-266

Status published

Products (6)

cisco/identity_services_engine 2.3.0 (8 CPE variants)

cisco/identity_services_engine 2.4.0 (14 CPE variants)

cisco/identity_services_engine 2.6.0 (8 CPE variants)

cisco/identity_services_engine 2.7.0 (2 CPE variants)

cisco/identity_services_engine 3.0.0 (2 CPE variants)

cisco/identity_services_engine < 2.3.0

Published Feb 17, 2021

Tracked Since Feb 18, 2026