CVE-2021-34702

EPSS 0.16%
Published 06.10.2021 20:15:08
Last modified 21.11.2024 06:10:59
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Identity Services Engine Version >= 2.2.0 < 2.6.0

Cisco ≫ Identity Services Engine Version2.6.0 Update-

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch1

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch10

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch2

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch3

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch5

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch6

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch7

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch8

Cisco ≫ Identity Services Engine Version2.6.0 Updatepatch9

Cisco ≫ Identity Services Engine Version2.7.0 Update-

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch1

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch2

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch3

Cisco ≫ Identity Services Engine Version2.7.0 Updatepatch4

Cisco ≫ Identity Services Engine Version3.0.0 Update-

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch1

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch2

Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.338

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disc-pNXtLhdp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34702

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34702

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34702

EUVD