CVE-2023-20106

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: May 18, 2023
Updated: May 27, 2023
CVE: CVE-2023-20106
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine	3.1	3.1.x
cisco / identity_services_engine	3.1-patch1	3.1-patch1.x
cisco / identity_services_engine	3.1-patch3	3.1-patch3.x
cisco / identity_services_engine	3.2	3.2.x
cisco / identity_services_engine	3.1-patch4	3.1-patch4.x
cisco / identity_services_engine	3.1-patch5	3.1-patch5.x
cisco / identity_services_engine	3.2-patch1	3.2-patch1.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-delete-read-PK5ghDDd

Vulnerability Database

289,599

CVE-2023-20106