CVE-2022-20733
Summary
| CVE | CVE-2022-20733 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-15 18:15:00 UTC |
| Updated | 2023-11-07 03:42:00 UTC |
| Description | A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Identity Services Engine | 3.1 | - | All | All |
| Application | Cisco | Identity Services Engine | 3.1 | patch1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 20220615 Cisco Identity Services Engine Authentication Bypass Vulnerability | CISCO | tools.cisco.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 317200 Cisco Identity Services Engine (ISE) Authentication Bypass Vulnerability (cisco-sa-ISE-SAML-nuukMPf9)