CVE-2021-34702
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto autenticado conseguir información confidencial. Esta vulnerabilidad es debido a una aplicación inapropiada de los niveles de privilegio de administrador para los datos confidenciales de bajo valor. Un atacante con acceso de administrador de sólo lectura a la interfaz de administración basada en web podría explotar esta vulnerabilidad al navegar a la página que contiene los datos confidenciales. Una explotación con éxito podría permitir al atacante recoger información confidencial sobre la configuración del sistema
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-06-15 CVE Reserved
- 2021-10-06 CVE Published
- 2023-04-29 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | >= 2.2.0 < 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version " >= 2.2.0 < 2.6.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch10 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch5 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch6 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch7 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch8 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch9 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch4 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch3 |
Affected
|