CVE-2023-20167

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: May 18, 2023
Updated: May 27, 2023
CVE: CVE-2023-20167
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine	3.1	3.1.x
cisco / identity_services_engine	3.1-patch1	3.1-patch1.x
cisco / identity_services_engine	3.1-patch3	3.1-patch3.x
cisco / identity_services_engine	3.2	3.2.x
cisco / identity_services_engine	3.1-patch4	3.1-patch4.x
cisco / identity_services_engine	3.1-patch5	3.1-patch5.x
cisco / identity_services_engine	3.2-patch1	3.2-patch1.x
cisco / identity_services_engine	3.1-patch6	3.1-patch6.x
cisco / identity_services_engine	-	3.1

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-traversal-ZTUgMYhu

Vulnerability Database

289,599

CVE-2023-20167