Cisco Identity Services Engine User Account Enumeration Vulnerability

Vulnerability

A vulnerability exists in an identity management API endpoint of Cisco Identity Services Engine (ISE) that could allow an unauthenticated, remote attacker to enumerate valid user accounts on the affected device. This issue arises because the API endpoint returns error messages that can be used to differentiate between valid and invalid usernames. By sending a series of crafted requests and analyzing the responses, an attacker could compile a list of valid usernames on the system.

Impact

Exploitation of this vulnerability could lead to unauthorized enumeration of user accounts, allowing an attacker to gather valid usernames that could be used for further attacks, such as phishing or credential stuffing.

Remediation

Cisco has released software updates to address this vulnerability. Users should upgrade to version 3.3 Patch 11, 3.4 Patch 6, or 3.5 Patch 3. For versions 3.2 and earlier, users should migrate to a fixed release.
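The fixed-release guidance above can be checked against an inventory. The following is an added example, not Cisco's code or part of the original advisory: it assumes version strings written the way this page writes them ("3.3 Patch 11"), assumes a later patch on the same release train also carries the fix, and uses constructed host names and versions.

```python
import re

# First fixed patch per release train, as stated in the remediation text.
FIXED_PATCH = {(3, 3): 11, (3, 4): 6, (3, 5): 3}
# "3.2 and earlier" has no fixed patch; those nodes must migrate.
MIGRATE_AT_OR_BELOW = (3, 2)

# Assumed input format: "<major>.<minor>" optionally followed by "Patch <n>".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def classify(version: str) -> str:
    """Return fixed, upgrade, migrate, not-listed or unparsed for one version."""
    m = _VERSION_RE.match(version)
    if not m:
        return "unparsed"  # do not guess; send to manual review
    train = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)  # no "Patch N" suffix means the base release
    if train <= MIGRATE_AT_OR_BELOW:
        return "migrate"
    if train not in FIXED_PATCH:
        return "not-listed"  # the advisory text gives no guidance for this train
    # Assumption: patches on a train are cumulative, so >= first fixed patch is fixed.
    return "fixed" if patch >= FIXED_PATCH[train] else "upgrade"


def triage(inventory: dict) -> dict:
    """Map each host to its remediation status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "ise-pan-01": "3.3 Patch 11",
    "ise-psn-02": "3.3 Patch 9",
    "ise-psn-03": "3.4",
    "ise-lab-04": "3.2 Patch 7",
    "ise-new-05": "3.5 Patch 3",
    "ise-odd-06": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {INVENTORY[host]:14} {status}")
```

Anything reported as unparsed or not-listed needs a manual check against the vendor advisory rather than being treated as safe.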

Added: May 6, 2026, 6:38 PM
Updated: May 6, 2026, 6:38 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 7.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.