Vulnerabilities > CVE-2022-20965 - Unspecified vulnerability in Cisco Identity Services Engine

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

cisco

NVD

Published: 2023-01-20

Updated: 2024-01-25

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Identity Services Engine 1.2\(1.199\) Cisco Identity Services Engine 1.3\(0.722\) Cisco Identity Services Engine 1.3\(0.909\) Cisco Identity Services Engine 1.3\(106.146\) Cisco Identity Services Engine 1.3\(120.135\) Cisco Identity Services Engine 2.0\(0.234\) Cisco Identity Services Engine 2.0\(0.249\) Cisco Identity Services Engine 2.0\(0.306\) Cisco Identity Services Engine 2.1\(0.474\) Cisco Identity Services Engine 2.1\(0.476\) Cisco Identity Services Engine 2.1\(0.800\) Cisco Identity Services Engine 2.1\(102.101\) Cisco Identity Services Engine 2.1\(102.103\) Cisco Identity Services Engine 2.1_Base Cisco Identity Services Engine 2.2\(0.283\) Cisco Identity Services Engine 2.2\(0.470\) Cisco Identity Services Engine 2.2\(0.471\) Cisco Identity Services Engine 2.2\(0.903\) Cisco Identity Services Engine 2.2\(0.910\) Cisco Identity Services Engine 2.2.0 Cisco Identity Services Engine 2.3\(0.151\) Cisco Identity Services Engine 2.3\(0.298\) Cisco Identity Services Engine 2.4\(0.192\) Cisco Identity Services Engine 2.4\(0.901\) Cisco Identity Services Engine 2.4\(0.901.1\) Cisco Identity Services Engine 2.4\(0.903\) Cisco Identity Services Engine 002.004\(000.914\) Cisco Identity Services Engine 2.4.0 Cisco Identity Services Engine 2.4.0.357 Cisco Identity Services Engine 2.5\(0.1\) Cisco Identity Services Engine 002.006\(000.156\) Cisco Identity Services Engine 2.6\(0.999\) Cisco Identity Services Engine 2.6.0 Cisco Identity Services Engine 2.7.0 Cisco Identity Services Engine 3.0.0 Cisco Identity Services Engine 3.1 Cisco Identity Services Engine 3.2	70

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx