Information disclosure in Cisco Identity Services Engine (ISE) - CVE-2018-0187

 


Published: January 24, 2019


Vulnerability identifier: #VU17192
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0187
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Identity Services Engine (ISE)

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists in the Admin portal due to improper handling of confidential information. A remote attacker can log in to the web interface and obtain confidential information belonging to privileged accounts, which can then be used to impersonate or negatively impact those accounts on the affected system.


How to mitigate CVE-2018-0187

The vulnerability has been addressed in versions 2.4(0.904) and 2.2(0.911).
