CVE-2018-0187

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

CVSS 6.5 MEDIUMEPSS 1.5%CWE-200

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

23 jan 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

Cisco · Cisco Identity Services Engine Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-ise-info-disclosure http://www.securityfocus.com/bid/106717