CVE-2022-20782
Published on: Not Yet Published
Last Modified on: 04/14/2022 09:09:00 AM UTC
CVE-2022-20782 - advisory for cisco-sa-info-exp-YXAWYP3s
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Identity Services Engine from Cisco contain the following vulnerability:
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
- CVE-2022-20782 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity. - The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software: Cisco - Cisco Identity Services Engine Software version n/a
CVSS3 Score: 6.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | NONE | NONE |
CVSS2 Score: 4 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | LOW | SINGLE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | NONE | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| No Description Provided | tools.cisco.com text/html |
CISCO 20220406 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability |
Related QID Numbers
- 317165 Cisco Identity Services Engine (ISE) Sensitive Information Disclosure Vulnerability (cisco-sa-info-exp-YXAWYP3s)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Identity Services Engine | 2.6.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch10 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch5 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch6 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch7 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch8 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch9 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch4 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch5 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch6 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch4 | All | All |
| Application | Cisco | Identity Services Engine | 3.1 | - | All | All |
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*:
- cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2022-20782 : A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE co… twitter.com/i/web/status/1… | 2022-04-06 18:23:34 |
 /r/netcve |
CVE-2022-20782 | 2022-04-06 19:39:09 |
| /r/InfoSecNews |
Top 10 Most Interesting CVEs for April 2022 | 2022-05-05 09:59:31 |