CVE-2021-34702

MEDIUM

Cisco Identity Services Engine 2.2.0-2.5.9 - Authenticated Sensitive Information Exposure via Web Management Interface

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp

Scores

CVSS v3 4.3

EPSS 0.0016

EPSS Percentile 36.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (4)

cisco/identity_services_engine 2.6.0 (10 CPE variants)

cisco/identity_services_engine 2.7.0 (5 CPE variants)

cisco/identity_services_engine 3.0.0 (4 CPE variants)

cisco/identity_services_engine 2.2.0 - 2.6.0

Published Oct 06, 2021

Tracked Since Feb 18, 2026