CVE-2024-20466

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This issue is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges could exploit this by browsing to a page containing sensitive data, potentially collecting configuration information about the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.