CVE-2020-3525

CVSS 3.0 Score 4.3 of 10 (medium)

Details

Published Nov 18, 2024
CWE ID 200

Summary

CVE-2020-3525 is a vulnerability affecting the Admin portal of Cisco Identity Services Engine (ISE). It allows authenticated, remote attackers to recover service account passwords that are saved on an affected system. The issue arises due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal can exploit this vulnerability by browsing to a page containing sensitive data. A successful exploit could result in the attacker recovering passwords and exposing those accounts to further attack. Cisco has released software updates to address this vulnerability, and there are currently no workarounds available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share