CVE-2022-20914
Summary
| CVE | CVE-2022-20914 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-10 09:15:00 UTC |
| Updated | 2023-11-07 03:43:00 UTC |
| Description | A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Identity Services Engine | All | All | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch10 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch5 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch6 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch7 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch8 | All | All |
| Application | Cisco | Identity Services Engine | 2.6.0 | patch9 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch4 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch5 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch6 | All | All |
| Application | Cisco | Identity Services Engine | 2.7.0 | patch7 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | - | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch1 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch2 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch3 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch4 | All | All |
| Application | Cisco | Identity Services Engine | 3.0.0 | patch5 | All | All |
| Application | Cisco | Identity Services Engine | 3.1 | - | All | All |
| Application | Cisco | Identity Services Engine | 3.1 | patch1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20220803 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability | CISCO | tools.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317213 Cisco Identity Services Engine (ISE) Sensitive Information Disclosure Vulnerability (cisco-sa-ise-pwd-WH64AhQF)