Lucene search

[email protected]CVE-2022-20965

HistoryJan 20, 2023 - 7:15 a.m.

CVE-2022-20965

2023-01-2007:15:11

CWE-648

[email protected]

web.nvd.nist.gov

452

cisco

identity services engine

web-based management

vulnerability

access control

privilege escalation

nvd

cve-2022-20965

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface.

This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted.

{{value}} [“%7b%7bvalue%7d%7d”])}]]

Affected configurations

NVD

Node

ciscoidentity_services_engineRange<2.6.0

ciscoidentity_services_engineMatch2.6.0-

ciscoidentity_services_engineMatch2.6.0patch1

ciscoidentity_services_engineMatch2.6.0patch10

ciscoidentity_services_engineMatch2.6.0patch11

ciscoidentity_services_engineMatch2.6.0patch12

ciscoidentity_services_engineMatch2.6.0patch2

ciscoidentity_services_engineMatch2.6.0patch3

ciscoidentity_services_engineMatch2.6.0patch5

ciscoidentity_services_engineMatch2.6.0patch6

ciscoidentity_services_engineMatch2.6.0patch7

ciscoidentity_services_engineMatch2.6.0patch8

ciscoidentity_services_engineMatch2.6.0patch9

ciscoidentity_services_engineMatch2.7.0-

ciscoidentity_services_engineMatch2.7.0patch1

ciscoidentity_services_engineMatch2.7.0patch2

ciscoidentity_services_engineMatch2.7.0patch3

ciscoidentity_services_engineMatch2.7.0patch4

ciscoidentity_services_engineMatch2.7.0patch5

ciscoidentity_services_engineMatch2.7.0patch6

ciscoidentity_services_engineMatch2.7.0patch7

ciscoidentity_services_engineMatch3.0.0-

ciscoidentity_services_engineMatch3.0.0patch1

ciscoidentity_services_engineMatch3.0.0patch2

ciscoidentity_services_engineMatch3.0.0patch3

ciscoidentity_services_engineMatch3.0.0patch4

ciscoidentity_services_engineMatch3.0.0patch5

ciscoidentity_services_engineMatch3.0.0patch6

ciscoidentity_services_engineMatch3.1-

ciscoidentity_services_engineMatch3.1patch1

ciscoidentity_services_engineMatch3.1patch3

ciscoidentity_services_engineMatch3.1patch4

ciscoidentity_services_engineMatch3.2-

CPENameOperatorVersion
cisco:identity_services_enginecisco identity services enginelt2.6.0
cisco:identity_services_enginecisco identity services engineeq2.7.0
cisco:identity_services_enginecisco identity services engineeq3.0.0
cisco:identity_services_enginecisco identity services engineeq3.1
cisco:identity_services_enginecisco identity services engineeq3.2

CPE	Name	Operator	Version
cisco:identity_services_engine	cisco identity services engine	lt	2.6.0
cisco:identity_services_engine	cisco identity services engine	eq	2.7.0
cisco:identity_services_engine	cisco identity services engine	eq	3.0.0
cisco:identity_services_engine	cisco identity services engine	eq	3.1
cisco:identity_services_engine	cisco identity services engine	eq	3.2

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "2.6.0",
        "status": "affected"
      },
      {
        "version": "2.6.0 p1",
        "status": "affected"
      },
      {
        "version": "2.6.0 p2",
        "status": "affected"
      },
      {
        "version": "2.6.0 p3",
        "status": "affected"
      },
      {
        "version": "2.6.0 p5",
        "status": "affected"
      },
      {
        "version": "2.6.0 p6",
        "status": "affected"
      },
      {
        "version": "2.6.0 p7",
        "status": "affected"
      },
      {
        "version": "2.6.0 p8",
        "status": "affected"
      },
      {
        "version": "2.6.0 p9",
        "status": "affected"
      },
      {
        "version": "2.6.0 p10",
        "status": "affected"
      },
      {
        "version": "2.6.0 p11",
        "status": "affected"
      },
      {
        "version": "2.6.0 p12",
        "status": "affected"
      },
      {
        "version": "2.7.0",
        "status": "affected"
      },
      {
        "version": "2.7.0 p1",
        "status": "affected"
      },
      {
        "version": "2.7.0 p2",
        "status": "affected"
      },
      {
        "version": "2.7.0 p3",
        "status": "affected"
      },
      {
        "version": "2.7.0 p4",
        "status": "affected"
      },
      {
        "version": "2.7.0 p5",
        "status": "affected"
      },
      {
        "version": "2.7.0 p6",
        "status": "affected"
      },
      {
        "version": "2.7.0 p7",
        "status": "affected"
      },
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p5",
        "status": "affected"
      },
      {
        "version": "3.2.0",
        "status": "affected"
      }
    ]
  }
]