CVE-2020-3525

CVE-2020-3525 PUBLISHED CVSS 4.3 MEDIUM

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

EPSS 0.20% · 42.6th percentile

Risk Scores

CVSS 3.0: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
EPSS Score: 0.20% (42.6th percentile)

Affected Products

Vendor | Product | Versions
Cisco | Cisco Identity Services Engine Software | N/A
cisco | identity_services_engine | 002.002\(000.916\), *, *

Timeline

  • Nov 18, 2024 CVE Published
  • Nov 18, 2024 PoC Published
  • Nov 18, 2024 CVE Updated
  • Nov 19, 2024 EPSS Score
  • Dec 7, 2024 EPSS Score
  • Dec 25, 2024 EPSS Score
  • Jan 11, 2025 EPSS Score
  • Jan 29, 2025 EPSS Score
  • Feb 15, 2025 EPSS Score
  • Mar 5, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score