ID

VAR-202211-0485


CVE

CVE-2022-20956


TITLE

Cisco Systems  Cisco Identity Services Engine (ISE)  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx . (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-20956 // JVNDB: JVNDB-2022-022848 // VULHUB: VHN-405509

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 3.2

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.1

Trust: 1.0

vendor: シスコシステムズ, model: cisco identity services engine, scope: eq, version: 3.2

Trust: 0.8

vendor: シスコシステムズ, model: cisco identity services engine, scope: eq, version: 3.1

Trust: 0.8

vendor: シスコシステムズ, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // NVD: CVE-2022-20956

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20956
value: HIGH

Trust: 1.8

ykramarz@cisco.com: CVE-2022-20956
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202211-2101
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-20956
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956 // NVD: CVE-2022-20956

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // NVD: CVE-2022-20956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2101

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2101

CONFIGURATIONS

sources: NVD: CVE-2022-20956

PATCH

title: cisco-sa-ise-access-contol-EeufSUCx, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-access-contol-eeufsucx

Trust: 0.8

title: Cisco Identity Services Engine Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213487

Trust: 0.6

sources: JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101

EXTERNAL IDS

db: NVD, id: CVE-2022-20956

Trust: 3.3

db: JVNDB, id: JVNDB-2022-022848

Trust: 0.8

db: CNNVD, id: CNNVD-202211-2101

Trust: 0.6

db: VULHUB, id: VHN-405509

Trust: 0.1

sources: VULHUB: VHN-405509 // JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-access-contol-eeufsucx

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2022-20956

Trust: 0.8

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-access-contol-eeufsucx

Trust: 0.7

url: https://cxsecurity.com/cveshow/cve-2022-20956/

Trust: 0.6

sources: VULHUB: VHN-405509 // JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956

SOURCES

db: VULHUB, id: VHN-405509
db: JVNDB, id: JVNDB-2022-022848
db: CNNVD, id: CNNVD-202211-2101
db: NVD, id: CVE-2022-20956

LAST UPDATE DATE

2024-01-29T19:05:33.401000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405509, date: 2022-11-08T00:00:00
db: JVNDB, id: JVNDB-2022-022848, date: 2023-11-21T02:24:00
db: CNNVD, id: CNNVD-202211-2101, date: 2022-11-09T00:00:00
db: NVD, id: CVE-2022-20956, date: 2024-01-25T17:15:22.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405509, date: 2022-11-04T00:00:00
db: JVNDB, id: JVNDB-2022-022848, date: 2023-11-21T00:00:00
db: CNNVD, id: CNNVD-202211-2101, date: 2022-11-04T00:00:00
db: NVD, id: CVE-2022-20956, date: 2022-11-04T18:15:11.217