PT-2020-4225 · Cisco · Cisco Identity Services Engine

Richard Conner · Published 2020-08-05 · Updated 2024-11-18 · CVE-2020-3525

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified)
Description: The issue is related to errors in password storage within the administrative web interface of the Cisco Identity Services Engine platform. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this by browsing to a page containing sensitive data, potentially recovering passwords and exposing accounts to further attack.
Recommendations: For Cisco Identity Services Engine, update to a version that includes the software updates released by Cisco to address this issue. As a temporary workaround, consider restricting access to the Admin portal to minimize the risk of exploitation.
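
The root cause in the description (saved passwords included when a configuration page loads) is shown here as an added Python example, not Cisco's code: a hypothetical settings form rendered once with the stored secret echoed back and once with a write-only sentinel, plus a regression check that flags pre-filled password inputs. All names (`bind_dn`, `bind_password`, `MASK`, the function names) and the sample values are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

MASK = "__UNCHANGED__"  # constructed sentinel meaning "keep the stored secret"
# Constructed sample configuration, not taken from any real product.
SAMPLE = {"bind_dn": "cn=svc,dc=example,dc=test", "bind_password": "S3cr3t-constructed"}

FORM = ('<form><input name="bind_dn" value="%s">'
        '<input type="password" name="bind_password" value="%s"></form>')

def render_vulnerable(cfg):
    # Anti-pattern: the saved secret is written into the page on load.
    return FORM % (escape(cfg["bind_dn"]), escape(cfg["bind_password"]))

def render_hardened(cfg):
    # The secret never leaves the server; only a fixed sentinel is sent.
    return FORM % (escape(cfg["bind_dn"]), MASK)

def apply_update(cfg, form):
    # Sentinel or empty submission keeps the stored secret; anything else replaces it.
    new = dict(cfg, bind_dn=form.get("bind_dn", cfg["bind_dn"]))
    submitted = form.get("bind_password", MASK)
    if submitted not in (MASK, ""):
        new["bind_password"] = submitted
    return new

class _SecretFieldAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            if a.get("value") not in (None, "", MASK):
                self.findings.append(a.get("name") or "<unnamed>")

def leaked_password_fields(html):
    """Return names of password inputs that arrive pre-filled with a real value."""
    audit = _SecretFieldAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

if __name__ == "__main__":
    print("vulnerable:", leaked_password_fields(render_vulnerable(SAMPLE)))
    print("hardened:  ", leaked_password_fields(render_hardened(SAMPLE)))
```
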

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-04665
CVE-2020-3525

Affected Products

Cisco Identity Services Engine