ID

VAR-202206-1231


CVE

CVE-2022-20733


TITLE

Cisco Identity Services Engine  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011654

DESCRIPTION

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions. (DoS) It may be in a state. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies

Trust: 1.8

sources: NVD: CVE-2022-20733 // JVNDB: JVNDB-2022-011654 // VULHUB: VHN-405286 // VULMON: CVE-2022-20733

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:3.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011654 // NVD: CVE-2022-20733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20733
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20733
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20733
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202206-1537
value: CRITICAL

Trust: 0.6

VULHUB: VHN-405286
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-20733
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-20733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-405286
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-20733
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20733
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20733
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405286 // VULMON: CVE-2022-20733 // JVNDB: JVNDB-2022-011654 // CNNVD: CNNVD-202206-1537 // NVD: CVE-2022-20733 // NVD: CVE-2022-20733

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-405286 // JVNDB: JVNDB-2022-011654 // NVD: CVE-2022-20733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1537

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1537

PATCH

title:cisco-sa-ISE-SAML-nuukMPf9url:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9

Trust: 0.8

title:Cisco Identity Services Engine Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=247275

Trust: 0.6

title:Cisco: Cisco Identity Services Engine Authentication Bypass Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ISE-SAML-nuukMPf9

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: VULMON: CVE-2022-20733 // JVNDB: JVNDB-2022-011654 // CNNVD: CNNVD-202206-1537

EXTERNAL IDS

db:NVDid:CVE-2022-20733

Trust: 3.4

db:JVNDBid:JVNDB-2022-011654

Trust: 0.8

db:CNNVDid:CNNVD-202206-1537

Trust: 0.7

db:AUSCERTid:ESB-2022.2964

Trust: 0.6

db:CNVDid:CNVD-2022-55666

Trust: 0.1

db:VULHUBid:VHN-405286

Trust: 0.1

db:VULMONid:CVE-2022-20733

Trust: 0.1

sources: VULHUB: VHN-405286 // VULMON: CVE-2022-20733 // JVNDB: JVNDB-2022-011654 // CNNVD: CNNVD-202206-1537 // NVD: CVE-2022-20733

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-saml-nuukmpf9

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20733

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2022.2964

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20733/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: VULHUB: VHN-405286 // VULMON: CVE-2022-20733 // JVNDB: JVNDB-2022-011654 // CNNVD: CNNVD-202206-1537 // NVD: CVE-2022-20733

SOURCES

db:VULHUBid:VHN-405286
db:VULMONid:CVE-2022-20733
db:JVNDBid:JVNDB-2022-011654
db:CNNVDid:CNNVD-202206-1537
db:NVDid:CVE-2022-20733

LAST UPDATE DATE

2024-08-14T14:49:44.238000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405286date:2022-06-24T00:00:00
db:VULMONid:CVE-2022-20733date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-011654date:2023-08-23T07:22:00
db:CNNVDid:CNNVD-202206-1537date:2023-07-25T00:00:00
db:NVDid:CVE-2022-20733date:2023-11-07T03:42:47.140

SOURCES RELEASE DATE

db:VULHUBid:VHN-405286date:2022-06-15T00:00:00
db:VULMONid:CVE-2022-20733date:2022-06-15T00:00:00
db:JVNDBid:JVNDB-2022-011654date:2023-08-23T00:00:00
db:CNNVDid:CNNVD-202206-1537date:2022-06-15T00:00:00
db:NVDid:CVE-2022-20733date:2022-06-15T18:15:08.773