CVE-2019-15282

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ciscoCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ciscoidentity_services_engine_software
𝑥
< 2.4\(0.357\)
ciscoidentity_services_engine_software
2.4\(0.357\)
ciscoidentity_services_engine_software
2.4\(0.357\):patch1
ciscoidentity_services_engine_software
2.4\(0.357\):patch2
ciscoidentity_services_engine_software
2.4\(0.357\):patch3
ciscoidentity_services_engine_software
2.4\(0.357\):patch4
ciscoidentity_services_engine_software
2.4\(0.357\):patch5
ciscoidentity_services_engine_software
2.4\(0.357\):patch6
ciscoidentity_services_engine_software
2.4\(0.357\):patch7
ciscoidentity_services_engine_software
2.4\(0.357\):patch8
ciscoidentity_services_engine_software
2.4\(0.357\):patch9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis