Impact
A flaw in Cisco Identity Services Engine and its Passive Identity Connector allows an unauthenticated remote user to view sensitive data by bypassing proper authorization checks when accessing a protected resource. The vulnerability can expose hashed credentials and other confidential information, thereby increasing the risk of future credential reuse or other credential‑based attacks. The weakness is a classic example of unauthorized access (CWE-285).
Affected Systems
The affected products include Cisco Identity Services Engine (ISE) software and the ISE Passive Identity Connector (ISE‑PIC). Any device running these components is potentially vulnerable unless patched or otherwise secured.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity impact, while the EPSS score of less than 1% shows a low probability of widespread exploitation at this time. The attack does not require authentication or prior foothold; an attacker can simply send crafted traffic from any remote network. Since the vulnerability is not listed in CISA KEV, it has not yet been confirmed as widely exploited, but the potential to expose credential data makes it a priority for mitigation.
OpenCVE Enrichment