Vulnerabilities > CVE-2023-20272 - Unspecified vulnerability in Cisco Identity Services Engine 3.0.0/3.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

NVD

Published: 2023-11-21

Updated: 2024-01-25

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Identity Services Engine 3.0.0 Cisco Identity Services Engine 3.1	13

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR