ID

VAR-202204-1682


CVE

CVE-2022-20782


TITLE

Cisco Identity Services Engine  Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009363

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system

Trust: 1.8

sources: NVD: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // VULHUB: VHN-405335 // VULMON: CVE-2022-20782

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:3.0.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.7.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:2.6.0

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-009363 // NVD: CVE-2022-20782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20782
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20782
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20782
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202204-2457
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405335
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20782
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20782
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405335
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20782
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-20782
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782 // NVD: CVE-2022-20782

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-266

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405335 // JVNDB: JVNDB-2022-009363 // NVD: CVE-2022-20782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2457

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2457

PATCH

title:cisco-sa-info-exp-YXAWYP3surl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-exp-YXAWYP3s

Trust: 0.8

title:Cisco Identity Services Engine Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189425

Trust: 0.6

title:Cisco: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-info-exp-YXAWYP3s

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457

EXTERNAL IDS

db:NVDid:CVE-2022-20782

Trust: 3.4

db:JVNDBid:JVNDB-2022-009363

Trust: 0.8

db:CS-HELPid:SB2022040624

Trust: 0.6

db:CNNVDid:CNNVD-202204-2457

Trust: 0.6

db:VULHUBid:VHN-405335

Trust: 0.1

db:VULMONid:CVE-2022-20782

Trust: 0.1

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-info-exp-yxawyp3s

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-20782

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2022040624

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20782/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782

SOURCES

db:VULHUBid:VHN-405335
db:VULMONid:CVE-2022-20782
db:JVNDBid:JVNDB-2022-009363
db:CNNVDid:CNNVD-202204-2457
db:NVDid:CVE-2022-20782

LAST UPDATE DATE

2024-08-14T15:01:03.929000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405335date:2022-04-14T00:00:00
db:VULMONid:CVE-2022-20782date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-009363date:2023-08-04T06:09:00
db:CNNVDid:CNNVD-202204-2457date:2022-04-15T00:00:00
db:NVDid:CVE-2022-20782date:2023-11-07T03:42:56.150

SOURCES RELEASE DATE

db:VULHUBid:VHN-405335date:2022-04-06T00:00:00
db:VULMONid:CVE-2022-20782date:2022-04-06T00:00:00
db:JVNDBid:JVNDB-2022-009363date:2023-08-04T00:00:00
db:CNNVDid:CNNVD-202204-2457date:2022-04-06T00:00:00
db:NVDid:CVE-2022-20782date:2022-04-06T19:15:08.477