Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-34702


A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.


Published

2021-10-06T20:15:08.777

Last Modified

2024-11-21T06:10:59.317

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco identity_services_engine < 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.6.0 Yes
Application cisco identity_services_engine 2.7.0 Yes
Application cisco identity_services_engine 2.7.0 Yes
Application cisco identity_services_engine 2.7.0 Yes
Application cisco identity_services_engine 2.7.0 Yes
Application cisco identity_services_engine 2.7.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes
Application cisco identity_services_engine 3.0.0 Yes

References