Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2023-20208
HistoryNov 21, 2023 - 7:15 p.m.

CVE-2023-20208

2023-11-2119:15:08
CWE-79
CWE-87
cisco
web.nvd.nist.gov
38
cisco
ise
vulnerability
web-based management
xss
nvd

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device.

Affected configurations

Nvd
Vulners
Node
ciscoidentity_services_engineMatch3.0.0-
OR
ciscoidentity_services_engineMatch3.0.0patch1
OR
ciscoidentity_services_engineMatch3.0.0patch2
OR
ciscoidentity_services_engineMatch3.0.0patch3
OR
ciscoidentity_services_engineMatch3.0.0patch4
OR
ciscoidentity_services_engineMatch3.0.0patch5
OR
ciscoidentity_services_engineMatch3.0.0patch6
OR
ciscoidentity_services_engineMatch3.0.0patch7
OR
ciscoidentity_services_engineMatch3.1-
OR
ciscoidentity_services_engineMatch3.1patch1
OR
ciscoidentity_services_engineMatch3.1patch2
OR
ciscoidentity_services_engineMatch3.1patch3
OR
ciscoidentity_services_engineMatch3.1patch4
OR
ciscoidentity_services_engineMatch3.1patch5
OR
ciscoidentity_services_engineMatch3.2-
VendorProductVersionCPE
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
ciscoidentity_services_engine3.0.0cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
ciscoidentity_services_engine3.1cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
ciscoidentity_services_engine3.1cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
Rows per page:
1-10 of 151

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.0.0 p7",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      },
      {
        "version": "3.1.0 p5",
        "status": "affected"
      }
    ]
  }
]

Related

cvelist 1
nessus 1
nvd 1
cnvd 1
prion 1
cisco 1
cvelist
cvelist
CVE-2023-20208
2023-11-21 18:48:44
nessus
nessus
Cisco Identity Services Engine XSS (cisco-sa-ise-mult-j-KxpNynR)
2023-11-16 00:00:00
nvd
nvd
CVE-2023-20208
2023-11-21 19:15:08
cnvd
cnvd
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2023-93326)
2023-11-24 00:00:00
prion
prion
Design/Logic Flaw
2023-11-21 19:15:00
cisco
cisco
Cisco Identity Services Engine Vulnerabilities
2023-11-15 16:00:00

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

18.0%

JSON
Related for CVE-2023-20208
cvelist1nessus1nvd1cnvd1prion1cisco1