CVE-2022-20914

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) Software (affected versions not specified)

Description A vulnerability in the External RESTful Services (ERS) API could allow an authenticated, remote attacker to obtain sensitive information due to excessive verbosity in a specific REST API output. An attacker could exploit this by sending a crafted HTTP request to the affected device, potentially obtaining sensitive information, including administrative credentials for an external authentication server. The attacker must have valid ERS administrative credentials to successfully exploit this vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.