Details of VAR-202204-1682

ID

VAR-202204-1682

CVE

CVE-2022-20782

TITLE

Cisco Identity Services Engine Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-009363

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system

Trust: 1.8

sources: NVD: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // VULHUB: VHN-405335 // VULMON: CVE-2022-20782

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.7.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	2.6.0	Trust: 1.0
vendor:	cisco	model:	identity services engine	scope:	eq	version:	3.1	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco identity services engine	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco identity services engine	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-009363 // NVD: CVE-2022-20782

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20782
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2022-20782
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-20782
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202204-2457
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-405335
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2022-20782
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2022-20782
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-405335
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-20782
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2022-20782
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782 // NVD: CVE-2022-20782

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.1
problemtype:	CWE-266	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-405335 // JVNDB: JVNDB-2022-009363 // NVD: CVE-2022-20782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2457

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202204-2457

PATCH

title:	cisco-sa-info-exp-YXAWYP3s	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-info-exp-YXAWYP3s	Trust: 0.8
title:	Cisco Identity Services Engine Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189425	Trust: 0.6
title:	Cisco: Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-info-exp-YXAWYP3s	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20782	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-009363	Trust: 0.8
db:	CS-HELP	id:	SB2022040624	Trust: 0.6
db:	CNNVD	id:	CNNVD-202204-2457	Trust: 0.6
db:	VULHUB	id:	VHN-405335	Trust: 0.1
db:	VULMON	id:	CVE-2022-20782	Trust: 0.1

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-info-exp-yxawyp3s	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20782	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022040624	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20782/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: VULHUB: VHN-405335 // VULMON: CVE-2022-20782 // JVNDB: JVNDB-2022-009363 // CNNVD: CNNVD-202204-2457 // NVD: CVE-2022-20782

SOURCES

db:	VULHUB	id:	VHN-405335
db:	VULMON	id:	CVE-2022-20782
db:	JVNDB	id:	JVNDB-2022-009363
db:	CNNVD	id:	CNNVD-202204-2457
db:	NVD	id:	CVE-2022-20782

LAST UPDATE DATE

2024-08-14T15:01:03.929000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-405335	date:	2022-04-14T00:00:00
db:	VULMON	id:	CVE-2022-20782	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2022-009363	date:	2023-08-04T06:09:00
db:	CNNVD	id:	CNNVD-202204-2457	date:	2022-04-15T00:00:00
db:	NVD	id:	CVE-2022-20782	date:	2023-11-07T03:42:56.150

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-405335	date:	2022-04-06T00:00:00
db:	VULMON	id:	CVE-2022-20782	date:	2022-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2022-009363	date:	2023-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202204-2457	date:	2022-04-06T00:00:00
db:	NVD	id:	CVE-2022-20782	date:	2022-04-06T19:15:08.477