ID

VAR-202206-1234


CVE

CVE-2022-20819


TITLE

Cisco Identity Services Engine Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011652

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.8

sources: NVD: CVE-2022-20819 // JVNDB: JVNDB-2022-011652 // VULHUB: VHN-405372 // VULMON: CVE-2022-20819

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: lt, version: 2.6.0.156

Trust: 1.0

vendor: cisco, model: identity services engine, scope: gte, version: 2.7

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.4.0.357

Trust: 1.0

vendor: cisco, model: identity services engine, scope: gte, version: 2.6.

Trust: 1.0

vendor: cisco, model: identity services engine, scope: lt, version: 2.7.0.305

Trust: 1.0

vendor: cisco, model: identity services engine, scope: lt, version: 2.4.0.357

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6.0.156

Trust: 1.0

vendor: Cisco Systems, model: cisco identity services engine, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011652 // NVD: CVE-2022-20819

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20819
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20819
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20819
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202206-1533
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405372
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20819
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20819
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405372
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20819
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20819
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405372 // VULMON: CVE-2022-20819 // JVNDB: JVNDB-2022-011652 // CNNVD: CNNVD-202206-1533 // NVD: CVE-2022-20819 // NVD: CVE-2022-20819

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-266

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405372 // JVNDB: JVNDB-2022-011652 // NVD: CVE-2022-20819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1533

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1533

PATCH

title: cisco-sa-ise-info-disclosure-Os6fSd6N, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-info-disclosure-Os6fSd6N

Trust: 0.8

title: Cisco Identity Services Engine Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=196352

Trust: 0.6

title: Cisco: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-info-disclosure-Os6fSd6N

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title: CVE-2022-XXXX, url: https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20819 // JVNDB: JVNDB-2022-011652 // CNNVD: CNNVD-202206-1533

EXTERNAL IDS

db: NVD, id: CVE-2022-20819

Trust: 3.4

db: JVNDB, id: JVNDB-2022-011652

Trust: 0.8

db: AUSCERT, id: ESB-2022.2967

Trust: 0.6

db: CNNVD, id: CNNVD-202206-1533

Trust: 0.6

db: CNVD, id: CNVD-2022-55667

Trust: 0.1

db: VULHUB, id: VHN-405372

Trust: 0.1

db: VULMON, id: CVE-2022-20819

Trust: 0.1

sources: VULHUB: VHN-405372 // VULMON: CVE-2022-20819 // JVNDB: JVNDB-2022-011652 // CNNVD: CNNVD-202206-1533 // NVD: CVE-2022-20819

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-info-disclosure-os6fsd6n

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20819

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2022.2967

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20819/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405372 // VULMON: CVE-2022-20819 // JVNDB: JVNDB-2022-011652 // CNNVD: CNNVD-202206-1533 // NVD: CVE-2022-20819

SOURCES

db: VULHUB, id: VHN-405372
db: VULMON, id: CVE-2022-20819
db: JVNDB, id: JVNDB-2022-011652
db: CNNVD, id: CNNVD-202206-1533
db: NVD, id: CVE-2022-20819

LAST UPDATE DATE

2024-08-14T14:10:44.218000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405372, date: 2022-06-24T00:00:00
db: VULMON, id: CVE-2022-20819, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2022-011652, date: 2023-08-23T07:18:00
db: CNNVD, id: CNNVD-202206-1533, date: 2022-06-30T00:00:00
db: NVD, id: CVE-2022-20819, date: 2023-11-07T03:43:02.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405372, date: 2022-06-15T00:00:00
db: VULMON, id: CVE-2022-20819, date: 2022-06-15T00:00:00
db: JVNDB, id: JVNDB-2022-011652, date: 2023-08-23T00:00:00
db: CNNVD, id: CNNVD-202206-1533, date: 2022-06-15T00:00:00
db: NVD, id: CVE-2022-20819, date: 2022-06-15T18:15:09.080