CVE-2018-15456

Name: CVE-2018-15456
Creator: NVD / NIST
Published: 2019-01-10T18:29:00.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.28%

Last modified Jun 17, 2026

CVE-2018-15456 is a vulnerability of currently unknown severity. A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. EPSS estimates a 1.28% chance of exploitation in the next 30 days.

Description

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack.

Metrics

EPSS Probability

1.28%

66.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Identity Services Engine	2.2\(0.470\)
Cisco	Identity Services Engine	2.3\(0.298\)
Cisco	Identity Services Engine	2.4\(0.357\)
Cisco	Identity Services Engine	2.4\(100.159\)

References

http://www.securityfocus.com/bid/106512Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-passwdVendor Advisory
http://www.securityfocus.com/bid/106512Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-passwdVendor Advisory

Timeline

Published: Jan 10, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-15456?

How severe is CVE-2018-15456?

Severity scoring for CVE-2018-15456 is pending analysis. The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.

How do I fix CVE-2018-15456?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-15456?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST