CVE-2019-15282: Cisco Identity Services Engine Information Disclosure Vulnerability
First published: Wed Oct 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | <2.4\(0.357\) | |
| Cisco Identity Services Engine | =2.4\(0.357\) | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch1 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch2 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch3 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch4 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch5 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch6 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch7 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch8 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15282?
The severity of CVE-2019-15282 is classified as medium.
How do I fix CVE-2019-15282?
To fix CVE-2019-15282, upgrade to a version of Cisco Identity Services Engine that is not vulnerable, specifically version 2.4(0.357) or later.
Who is affected by CVE-2019-15282?
CVE-2019-15282 affects users of Cisco Identity Services Engine Software version 2.4(0.357) and earlier.
What kind of attack can exploit CVE-2019-15282?
CVE-2019-15282 can be exploited by an unauthenticated remote attacker to read sensitive tcpdump files on an affected Cisco device.
Is there a patch available for CVE-2019-15282?
Yes, Cisco has released patches for CVE-2019-15282, which are included in the fixed version of the software.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine
- version/cisco identity services engine/2.4\(0.357\)
- version/cisco identity services engine/2.4\(0.357\)-patch1
- version/cisco identity services engine/2.4\(0.357\)-patch2
- version/cisco identity services engine/2.4\(0.357\)-patch3
- version/cisco identity services engine/2.4\(0.357\)-patch4
- version/cisco identity services engine/2.4\(0.357\)-patch5
- version/cisco identity services engine/2.4\(0.357\)-patch6
- version/cisco identity services engine/2.4\(0.357\)-patch7
- version/cisco identity services engine/2.4\(0.357\)-patch8
- version/cisco identity services engine/2.4\(0.357\)-patch9