CVE-2022-20733

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:identity_services_engine:3.1:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.1:patch1::::::

History

21 Nov 2024, 06:43

Type	Values Removed	Values Added
CVSS	v2 : ~~5.0~~ v3 : ~~9.8~~	v2 : 5.0 v3 : 5.3
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9 - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9 - Vendor Advisory

24 Jul 2023, 13:30

Type	Values Removed	Values Added
CWE	~~CWE-287~~	NVD-CWE-Other

Information

Published : 2022-06-15 18:15

Updated : 2024-11-21 06:43

NVD link : CVE-2022-20733

Mitre link : CVE-2022-20733

CVE.ORG link : CVE-2022-20733

JSON object : View

Products Affected

cisco

identity_services_engine

CWE

CWE-287

Improper Authentication

NVD-CWE-Other

{"id": "CVE-2022-20733", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-06-15T18:15:08.773", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions."}, {"lang": "es", "value": "Una vulnerabilidad en la p\u00e1gina de inicio de sesi\u00f3n de Cisco Identity Services Engine (ISE) podr\u00eda permitir a un atacante remoto no autenticado iniciar sesi\u00f3n sin credenciales y acceder a todos los roles sin ninguna restricci\u00f3n. Esta vulnerabilidad es debido a la exposici\u00f3n de metadatos confidenciales de Security Assertion Markup Language (SAML). Un atacante podr\u00eda explotar esta vulnerabilidad al usar los metadatos SAML expuestos para omitir la autenticaci\u00f3n en el portal de usuario. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante acceder a todos los roles sin ninguna restricci\u00f3n"}], "lastModified": "2024-11-21T06:43:26.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}