History: Nov 21, 2023 - 7:15 p.m.

CVE-2023-20272

2023-11-21 19:15:08
CWE-424
cisco
web.nvd.nist.gov
cisco
identity services engine
cve-2023-20272
vulnerability
web-based management
file upload
remote attacker
nvd

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: High

EPSS: 0.001
Percentile: 29.8%

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Affected configurations

Node
cisco identity_services_engine Match 3.0.0 -
OR
cisco identity_services_engine Match 3.0.0 patch1
OR
cisco identity_services_engine Match 3.0.0 patch2
OR
cisco identity_services_engine Match 3.0.0 patch3
OR
cisco identity_services_engine Match 3.0.0 patch4
OR
cisco identity_services_engine Match 3.0.0 patch5
OR
cisco identity_services_engine Match 3.0.0 patch6
OR
cisco identity_services_engine Match 3.0.0 patch7
OR
cisco identity_services_engine Match 3.1 -
OR
cisco identity_services_engine Match 3.1 patch1
OR
cisco identity_services_engine Match 3.1 patch2
OR
cisco identity_services_engine Match 3.1 patch3
OR
cisco identity_services_engine Match 3.1 patch4
Vendor  Product                   Version  CPE
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
cisco   identity_services_engine  3.0.0    cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
cisco   identity_services_engine  3.1      cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cisco   identity_services_engine  3.1      cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*

Rows 1-10 of 131

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Identity Services Engine Software",
    "versions": [
      {
        "version": "3.0.0",
        "status": "affected"
      },
      {
        "version": "3.0.0 p1",
        "status": "affected"
      },
      {
        "version": "3.0.0 p2",
        "status": "affected"
      },
      {
        "version": "3.0.0 p3",
        "status": "affected"
      },
      {
        "version": "3.0.0 p4",
        "status": "affected"
      },
      {
        "version": "3.0.0 p5",
        "status": "affected"
      },
      {
        "version": "3.0.0 p6",
        "status": "affected"
      },
      {
        "version": "3.0.0 p7",
        "status": "affected"
      },
      {
        "version": "3.1.0",
        "status": "affected"
      },
      {
        "version": "3.1.0 p1",
        "status": "affected"
      },
      {
        "version": "3.1.0 p3",
        "status": "affected"
      },
      {
        "version": "3.1.0 p4",
        "status": "affected"
      }
    ]
  }
]
