CVE-2022-20965

Опубликовано: 20 янв. 2023

Источник: nvd

CVSS3: 4.3

CVSS3: 5.4

EPSS Низкий

Описание

This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted.

{{value}} ["%7b%7bvalue%7d%7d"])}]]

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*

Версия до 2.6.0 (исключая)

cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch12:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*

cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00201

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-648

NVD-CWE-Other

Связанные уязвимости

GHSA-h3gc-m3gf-r5pr

CVSS3: 5.4

github

около 3 лет назад

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]]

BDU:2022-07123

CVSS3: 4.3

fstec

около 3 лет назад

Уязвимость веб-интерфейса управления платформы управления политиками соединений Cisco Identity Services Engine (ISE), позволяющая нарушителю обойти ограничения безопасности и повысить свои привилегии

EPSS

Процентиль: 42%

0.00201

Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-648

NVD-CWE-Other