CVE-2024-20466
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-08 CVE Reserved
- 2024-08-21 CVE Published
- 2024-10-31 CVE Updated
- 2025-04-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-vdF8Jbyk |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Cisco Identity Services Engine Software Search vendor "Cisco" for product "Cisco Identity Services Engine Software" | 2.7.0 Search vendor "Cisco" for product "Cisco Identity Services Engine Software" and version "2.7.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Identity Services Engine Software Search vendor "Cisco" for product "Cisco Identity Services Engine Software" | 3.0.0 Search vendor "Cisco" for product "Cisco Identity Services Engine Software" and version "3.0.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Identity Services Engine Software Search vendor "Cisco" for product "Cisco Identity Services Engine Software" | 3.1.0 Search vendor "Cisco" for product "Cisco Identity Services Engine Software" and version "3.1.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Identity Services Engine Software Search vendor "Cisco" for product "Cisco Identity Services Engine Software" | 3.2.0 Search vendor "Cisco" for product "Cisco Identity Services Engine Software" and version "3.2.0" | en |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Cisco Identity Services Engine Software Search vendor "Cisco" for product "Cisco Identity Services Engine Software" | 3.3.0 Search vendor "Cisco" for product "Cisco Identity Services Engine Software" and version "3.3.0" | en |
Affected
| ||||||