Cisco Security Advisory - Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

Started by Netwörkheäd, August 04, 2022, 06:05:37 AM

Previous topic - Next topic

Netwörkheäd

Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability

<p>A vulnerability in the External RESTful Services (ERS) API of Cisco&nbsp;Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information.</p>
<p>This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server.</p>
<p><strong>Note: </strong>To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials.</p>
<p>Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a id="u_psirt_publication.u_public_url_link" class="web web-inline form-control-static" href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF" target="gsft_link" name="u_psirt_publication.u_public_url_link">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF</a></p>

     
         
Security Impact Rating:  Medium
   
   
       
CVE: CVE-2022-20914
Source: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Let's not argue. Let's network!