CVE-2023-20172
18.05.2023, 03:15
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | identity_services_engine | 3.1 |
| cisco | identity_services_engine | 3.1:patch1 |
| cisco | identity_services_engine | 3.1:patch3 |
| cisco | identity_services_engine | 3.1:patch4 |
| cisco | identity_services_engine | 3.1:patch5 |
| cisco | identity_services_engine | 3.2 |
| cisco | identity_services_engine | 3.2:patch1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-602 - Client-Side Enforcement of Server-Side SecurityThe product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.