CVE-2022-20819

MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Management Interface

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disclosure-Os6fSd6N

Scores

CVSS v3 6.5

EPSS 0.0017

EPSS Percentile 38.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-269 CWE-266

Status published

Products (3)

cisco/identity_services_engine 2.4.0.357 (11 CPE variants)

cisco/identity_services_engine 2.6.0.156 patch1 (3 CPE variants)

cisco/identity_services_engine < 2.4.0.357

Published Jun 15, 2022

Tracked Since Feb 18, 2026