CVE-2023-20167

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20167
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*
History

26 May 2023, 14:45

Type Values Removed Values Added
References (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.9
CWE CWE-22
CPE cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
First Time Cisco
Cisco identity Services Engine

18 May 2023, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-18 03:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-20167

Mitre link : CVE-2023-20167

CVE.ORG link : CVE-2023-20167

JSON object : View

Products Affected

cisco

  • identity_services_engine
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-24

Path Traversal: '../filedir'