Published on: Not Yet Published
Last Modified on: 10/31/2022 05:40:00 PM UTC
CVE-2022-20822 - advisory for cisco-sa-ise-path-trav-Dz5dpzyMSource: Mitre Source: NIST CVE.ORG Print: PDF
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability.
- CVE-2022-20822 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
- The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerability that is described in this advisory will become available after software fixes are released. Public reports of the vulnerability, including a description and classification without specific technical details, will become available after publication of this advisory.
- Affected Vendor/Software: Cisco - Cisco Identity Services Engine Software version n/a
CVSS3 Score: 8.1 - HIGH
|No Description Provided|| tools.cisco.com |
|CISCO 20221019 Cisco Identity Services Engine Unauthorized File Access Vulnerability|
Related QID Numbers
- 317247 Cisco Identity Services Engine (ISE) Unauthorized File Access Vulnerability (cisco-sa-ise-path-trav-Dz5dpzyM)
Known Affected Configurations (CPE V2.3)
|Application||Cisco||Identity Services Engine||3.1||-||All||All|
|Application||Cisco||Identity Services Engine||3.1||patch1||All||All|
|Application||Cisco||Identity Services Engine||3.1||patch3||All||All|
|Application||Cisco||Identity Services Engine||3.2||-||All||All|
|/r/RedSec||Vulnerabilities in Cisco Identity Services Engine require your attention (CVE-2022-20822, CVE-2022-20959) - Help Net Security||2022-11-01 23:00:12|