Primary

Context

Cisco ISE Information Disclosure Vulnerability

Vulnerability

Patched

An information disclosure vulnerability has been identified in the web-based management interface of Cisco Identity Services Engine (ISE). This vulnerability allows an authenticated, remote attacker with read-only Administrator privileges to access sensitive information from the affected device. The issue arises because certain files do not have adequate data protection, enabling the attacker to view passwords and other information that should be restricted to high-privileged users.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, such as passwords, that are not normally visible to read-only administrators.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found on the Cisco Identity Service Engine support page.

Added: Nov 5, 2025, 5:33 PM

Updated: Nov 5, 2025, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

4.9

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco ISE Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Identity Services Engine

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating