CVE-2018-0187 MEDIUM

CVE-2018-0187: Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

Vendor Cisco
Product Cisco Identity Services Engine Software
Weakness CWE-200 · Info exposure
Published January 23, 2019
Last update November 21, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a vulnerable system. An exploit could allow an attacker to obtain confidential information for privileged accounts. This information could then be used to impersonate or negatively impact the privileged account on the affected system.

Key dates

02Disclosure timeline

January 23, 2019 CVE published
November 21, 2024 Record updated