Lucene search

CiscoCVELIST:CVE-2020-27122

HistoryNov 06, 2020 - 6:15 p.m.

CVE-2020-27122 Cisco Identity Services Engine Privilege Escalation Vulnerability

2020-11-0618:15:43

CWE-266

cisco

www.cve.org

cisco

ise

privilege escalation

vulnerability

microsoft active directory integration

elevated privileges

administrator account

incorrect privilege assignment

exploit

root privileges

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploit could allow the attacker to obtain root privileges on an affected device.

CNA Affected

[
  {
    "product": "Cisco Identity Services Engine Software",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-fNZX8hHj

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2020-27122