CVE-2023-20166

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Configurations

Configuration 1

OR cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*

History

26 May 2023, 14:42

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CPE | | cpe:2.3:a:cisco:identity_services_engine:3.2:-:\*:\*:\*:\*:\*:\*<br>cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:\*:\*:\*:\*:\*:\* |
| First Time | | Cisco<br>Cisco identity Services Engine |
| CVSS | v2 : unknown<br>v3 : unknown | v2 : unknown<br>v3 : 6.7 |
| CWE | | CWE-22 |
| References | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory |

Information

Published : 2023-05-18 03:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-20166

Mitre link : CVE-2023-20166

CVE.ORG link : CVE-2023-20166


Products Affected

cisco

  • identity_services_engine

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'