CVE-2023-20167

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*

History

26 May 2023, 14:45

Type Values Removed Values Added
References (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory
CPE cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*
First Time Cisco
Cisco identity Services Engine
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.9
CWE CWE-22

Information

Published : 2023-05-18 03:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-20167

Mitre link : CVE-2023-20167

CVE.ORG link : CVE-2023-20167


JSON object : View

Products Affected

cisco

  • identity_services_engine
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'