Server side request forgery (ssrf)

2023-05-1803:15:00

PRIOn knowledge base

www.prio-n.com

server side request forgery

cisco identity services engine

authenticated attacker

remote access

administrator credentials

arbitrary file access

web-based management

nvd advisory

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.7%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
identity_services_enginelt3.0.0
identity_services_engineeq3.0.0
identity_services_engineeq3.0.0 patch1
identity_services_engineeq3.1
identity_services_engineeq3.0.0 patch2
identity_services_engineeq3.0.0 patch3
identity_services_engineeq3.0.0 patch4
identity_services_engineeq3.1 patch1
identity_services_engineeq3.0.0 patch5
identity_services_engineeq3.0.0 patch6

Name	Operator	Version
identity_services_engine	lt	3.0.0
identity_services_engine	eq	3.0.0
identity_services_engine	eq	3.0.0 patch1
identity_services_engine	eq	3.1
identity_services_engine	eq	3.0.0 patch2
identity_services_engine	eq	3.0.0 patch3
identity_services_engine	eq	3.0.0 patch4
identity_services_engine	eq	3.1 patch1
identity_services_engine	eq	3.0.0 patch5
identity_services_engine	eq	3.0.0 patch6