Information disclosure in Cisco Identity_services_engine_software

CVE-2014-8017

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

Vulnerability class: Information Disclosure

EPSS: 0.002 (35.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Identity_services_engine_software
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

71767 (vdb-entry, x_refsource_BID)
20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031425 (vdb-entry, x_refsource_SECTRACK)