Lucene search
China National Vulnerability DatabaseCNVD-2023-40182HistoryMay 20, 2023 - 12:00 a.m.
Cisco Identity Services Engine XML External Entity Injection Vulnerability
2023-05-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
3
cisco
identity services engine
xml
external entity injection
vulnerability
remote attacker
arbitrary files
ssrf attack
cnvd
0.001 Low
EPSS
Percentile
26.2%
Cisco Identity Services Engine (ISE) is an environment-aware platform (ISE Identity Services Engine) from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. An XML external entity injection vulnerability exists in the Cisco Identity Services Engine, which can be exploited by an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack on an affected device.
Related
prion
prion
Server side request forgery (ssrf)
2023-05-18 03:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-20174
2023-05-18 03:15:10
cve
cve
CVE-2023-20174
2023-05-18 03:15:10
cisco
cisco
Cisco Identity Services Engine XML External Entity Injection Vulnerabilities
2023-05-17 16:00:00