CVE-2022-20914 An attacker could exploit a vulnerability in the ERS API of Cisco ISE to obtain sensitive information.


The vulnerability could be exploited remotely via the HTTP protocol. All software releases and imm revisions where the ERS REST API is affected are vulnerable. This component is not enabled by default; in certain installations it may have been enabled by setting the variable rest_enabled to ‘True’. To determine whether you have an affected software release, look at the imm_version metadata field in the output of the show version command. To determine whether the ERS REST API is enabled, and therefore whether your installation is affected, look at the imm_rest_enabled metadata field in the same show version output.

Mitigation

There are several mitigations you can implement to help protect against this threat.

Restrict access to the ERS REST API to only trusted users.

Enable the REST API by setting the rest_enabled variable to ‘True’.

Disable verbose REST API output by setting the rest_verbose_output variable to ‘False’.

Upgrade to the latest software release.
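The exposure check described above (read imm_version and imm_rest_enabled from the show version output) and the verbose-output mitigation can be scripted against saved CLI output. The following is an added example written for this page, not Cisco's code or tooling: the metadata field names come from the advisory text, while the "key: value" line layout, the rest_verbose_output field appearing in the same output, and the sample output itself are assumptions constructed for the example.

```python
import re

# Constructed sample of the metadata block of a `show version` output. The field
# names imm_version, imm_rest_enabled and rest_verbose_output are taken from the
# advisory text; the line layout and values are assumptions for this example,
# and the version string is a placeholder, not a real release number.
SAMPLE_SHOW_VERSION = """\
Cisco Identity Services Engine
imm_version: PLACEHOLDER_VERSION
imm_rest_enabled: True
rest_verbose_output: True
"""

# Accept both "key: value" and "key = value" metadata lines (assumed formats).
FIELD_RE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*(.+?)\s*$")


def parse_metadata(output: str) -> dict:
    """Collect metadata fields from show version output into a dict (keys lower-cased)."""
    fields = {}
    for line in output.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields


def as_bool(value) -> bool:
    """Interpret the textual flag values an appliance might print as a boolean."""
    return str(value).strip().lower() in ("true", "yes", "1", "enabled")


def assess_exposure(output: str) -> dict:
    """Report whether the ERS REST API is enabled and which mitigations still apply."""
    f = parse_metadata(output)
    version = f.get("imm_version", "unknown")
    rest_enabled = as_bool(f.get("imm_rest_enabled", "False"))
    verbose = as_bool(f.get("rest_verbose_output", "False"))
    findings = []
    if rest_enabled:
        findings.append(
            "ERS REST API is enabled (imm_rest_enabled); restrict access to "
            "trusted users and upgrade to the latest release"
        )
    if rest_enabled and verbose:
        findings.append("verbose REST API output is on; set rest_verbose_output to 'False'")
    return {
        "imm_version": version,
        "rest_enabled": rest_enabled,
        "verbose_output": verbose,
        "findings": findings,
    }


if __name__ == "__main__":
    report = assess_exposure(SAMPLE_SHOW_VERSION)
    print(f"imm_version: {report['imm_version']}")
    for finding in report["findings"] or ["no ERS REST API exposure found"]:
        print(f"- {finding}")
```

Feed the function the saved text of show version from each node; a node whose imm_rest_enabled is not True produces no findings, which matches the advisory's statement that the component is not enabled by default.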

Cisco ISE Dump Collector

If you are running Cisco ISE and receive an email message that has an attachment named ‘cisco-ise-dmp-report.zip’, it is important to immediately remove the attachment from your system.

ERS REST API Overview

The ERS REST API is a Cisco ISE feature which allows administrators to perform management tasks via the ISE web interface. The API allows access to a subset of the capabilities available through the Cisco ISE GUI and CLI.
