Sign-up

ID

VAR-202211-1027


CVE

CVE-2022-20965


TITLE

Cisco Identity Services Engine  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]] . Cisco Identity Services Engine Exists in unspecified vulnerabilities.Information may be obtained and information may be tampered with. For more information about these vulnerabilities, see the Details section of this advisory. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx

Trust: 1.8

sources: NVD: CVE-2022-20965 // JVNDB: JVNDB-2022-006004 // VULHUB: VHN-405518 // VULMON: CVE-2022-20965

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:2.7.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:ltversion:2.6.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.1

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.6.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.0.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // NVD: CVE-2022-20965

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2022-20965
value: MEDIUM

Trust: 1.8

ykramarz@cisco.com: CVE-2022-20965
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202211-2954
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20965
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // CNNVD: CNNVD-202211-2954 // NVD: CVE-2022-20965 // NVD: CVE-2022-20965

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // NVD: CVE-2022-20965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2954

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2954

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2022-20965

PATCH
title:cisco-sa-ise-7Q4TNYUxurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-7q4tnyux
Trust: 0.8
title:Cisco Identity Services Engine Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=214327
Trust: 0.6
title:Cisco: Cisco Identity Services Engine Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-7q4tnyux
Trust: 0.1
sources:
            
            
            VULMON: CVE-2022-20965 // 
            
            
            
            JVNDB: JVNDB-2022-006004 // 
            
            
            
            CNNVD: CNNVD-202211-2954

EXTERNAL IDS
db:NVDid:CVE-2022-20965
Trust: 3.4
db:JVNDBid:JVNDB-2022-006004
Trust: 0.8
db:AUSCERTid:ESB-2022.5984.4
Trust: 0.6
db:AUSCERTid:ESB-2022.5984.2
Trust: 0.6
db:CNNVDid:CNNVD-202211-2954
Trust: 0.6
db:VULHUBid:VHN-405518
Trust: 0.1
db:VULMONid:CVE-2022-20965
Trust: 0.1
sources:
            
            
            VULHUB: VHN-405518 // 
            
            
            
            VULMON: CVE-2022-20965 // 
            
            
            
            JVNDB: JVNDB-2022-006004 // 
            
            
            
            CNNVD: CNNVD-202211-2954 // 
            
            
            
            NVD: CVE-2022-20965

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-7q4tnyux
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2022-20965
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-7q4tnyux
Trust: 0.7
url:https://www.auscert.org.au/bulletins/esb-2022.5984.2
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2022-20965/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2022.5984.4
Trust: 0.6
sources:
            
            
            VULHUB: VHN-405518 // 
            
            
            
            VULMON: CVE-2022-20965 // 
            
            
            
            JVNDB: JVNDB-2022-006004 // 
            
            
            
            CNNVD: CNNVD-202211-2954 // 
            
            
            
            NVD: CVE-2022-20965

SOURCES
db:VULHUBid:VHN-405518
db:VULMONid:CVE-2022-20965
db:JVNDBid:JVNDB-2022-006004
db:CNNVDid:CNNVD-202211-2954
db:NVDid:CVE-2022-20965

LAST UPDATE DATE
2024-01-29T19:24:47.639000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-405518date:2023-01-26T00:00:00
db:JVNDBid:JVNDB-2022-006004date:2023-06-23T08:18:00
db:CNNVDid:CNNVD-202211-2954date:2023-01-28T00:00:00
db:NVDid:CVE-2022-20965date:2024-01-25T17:15:23.133

SOURCES RELEASE DATE
db:VULHUBid:VHN-405518date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2022-006004date:2023-06-23T00:00:00
db:CNNVDid:CNNVD-202211-2954date:2022-11-16T00:00:00
db:NVDid:CVE-2022-20965date:2023-01-20T07:15:11.083