Impact
A flaw in Cisco Identity Services Engine (ISE) and its Passive Identity Connector (ISE‑PIC) allows an authenticated administrator to perform path traversal on the underlying OS. The vulnerability arises from insufficient validation of file paths in HTTP requests, enabling the attacker authenticating. The consequence is potential disclosure of sensitive configuration or credential files, compromising confidentiality for privileged accounts.
Affected Systems
The vulnerability affects Cisco ISE and Cisco ISE‑PIC across all released versions until a patch is applied; no specific version information is provided.
Risk and Exploitability
The CVSS score of 4.9 indicates moderate impact, while the EPSS score of 7% indicates a moderate probability of exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation requires so the risk is limited to environments where such access exists.
OpenCVE Enrichment