Cisco Mobility Service Engine Password Information Disclosure Vulnerability

A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to gain access to sensitive information.

The vulnerability is due to insufficient security restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to retrieve the password of other legitimate users of the affected device via log files or through the GUI. A successful exploit could be leveraged to conduct further attacks.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must authenticate to the affected device. This access requirement decreases the likelihood of a successful exploit.