Cisco Identity Services Engine Password Disclosure to an Unauthorized Actor Vulnerability

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

N/A

信息暴露

Cisco Identity Services Engine 信息泄露漏洞

Cisco Identity Services Engine（ISE）是美国思科（Cisco）公司的一款基于身份的环境感知平台（ISE身份服务引擎）。该平台通过收集网络、用户和设备中的实时信息，制定并实施相应策略来监管网络。 Cisco?Identity Services Engine (ISE) 2.7p2之前版本中的Admin门户存在信息泄露漏洞，该漏洞源于程序没有正确地包含存储的密码。远程攻击者可利用该漏洞恢复服务账户密码。

N/A

N/A