SB2021021714 - Information disclosure in Cisco Identity Services Engine (ISE)
Published: February 17, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Incorrect Privilege Assignment (CVE-ID: CVE-2021-1412)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to incorrect access restrictions within the Admin portal of Cisco ISE. A remote authenticated user can obtain system information.
2) Incorrect Privilege Assignment (CVE-ID: CVE-2021-1416)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to incorrect access restrictions within the Admin portal of Cisco ISE. A remote authenticated user can obtain system information.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-exp-8RsuEu8S
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw81454
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw82927
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw89818
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw83296
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw83334