Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability<p>A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information.</p>
<p>This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server.</p>
<p><strong>Note: </strong>To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a id="u_psirt_publication.u_public_url_link" class="web web-inline form-control-static" href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF" target="gsft_link" name="u_psirt_publication.u_public_url_link">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF</a></p>
Security Impact Rating: Medium
CVE: CVE-2022-20914
Source: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Sensitive%20Information%20Disclosure%20Vulnerability&vs_k=1)