CVE-2022-20782
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto autenticado obtener información confidencial de un dispositivo afectado. Esta vulnerabilidad es debido a una aplicación inapropiada de los niveles de privilegio administrativo para los datos confidenciales de alto valor. Un atacante con privilegios de administrador de sólo lectura en la interfaz de administración basada en web en un dispositivo afectado podría explotar esta vulnerabilidad navegando a una página que contenga datos confidenciales. Una explotación con éxito podría permitir al atacante recopilar información confidencial sobre la configuración del sistema
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-11-02 CVE Reserved
- 2022-04-06 CVE Published
- 2024-06-28 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-269: Improper Privilege Management
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-exp-YXAWYP3s | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch10 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch5 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch6 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch7 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch8 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch9 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch4 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch5 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch6 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch1 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch2 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch3 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch4 |
Affected
| ||||||
Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1" | - |
Affected
|