CVE-2019-15282

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) Software (affected versions not specified)

Description The issue is related to the web-based management interface of Cisco Identity Services Engine (ISE) Software, where an unauthenticated, remote attacker could read tcpdump files generated on an affected device. This is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this by sending a crafted request to the web interface, potentially allowing them to read a tcpdump file generated with a particular naming scheme. The vulnerability is associated with a lack of authentication for a critical function, which could allow an attacker to gain unauthorized access to protected information by sending a specially crafted request and using the Tcpdump network analysis utility.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.