Input validation

2023-11-2119:15:00

PRIOn knowledge base

www.prio-n.com

cisco identity services engine

web-based management

file upload

remote attacker

input validation

server-side information

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.8%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

CPENameOperatorVersion
identity_services_engineeq3.0.0
identity_services_engineeq3.0.0 patch1
identity_services_engineeq3.1
identity_services_engineeq3.0.0 patch2
identity_services_engineeq3.0.0 patch3
identity_services_engineeq3.0.0 patch4
identity_services_engineeq3.1 patch1
identity_services_engineeq3.0.0 patch5
identity_services_engineeq3.1 patch2
identity_services_engineeq3.0.0 patch6

Name	Operator	Version
identity_services_engine	eq	3.0.0
identity_services_engine	eq	3.0.0 patch1
identity_services_engine	eq	3.1
identity_services_engine	eq	3.0.0 patch2
identity_services_engine	eq	3.0.0 patch3
identity_services_engine	eq	3.0.0 patch4
identity_services_engine	eq	3.1 patch1
identity_services_engine	eq	3.0.0 patch5
identity_services_engine	eq	3.1 patch2
identity_services_engine	eq	3.0.0 patch6