ID

VAR-202211-0386


CVE

CVE-2022-20962


TITLE

Path traversal vulnerability in Cisco Systems Cisco Identity Services Engine (ISE)

Trust: 0.8

sources: JVNDB: JVNDB-2022-022839

DESCRIPTION

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system. Using this method, it is possible to access the underlying operating system and execute commands with system privileges. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-20962 // JVNDB: JVNDB-2022-022839 // VULHUB: VHN-405515

AFFECTED PRODUCTS

vendor: cisco | model: identity services engine | scope: eq | version: 3.1

Trust: 1.0

vendor: Cisco Systems | model: cisco identity services engine | scope: eq | version: 3.1

Trust: 0.8

vendor: Cisco Systems | model: cisco identity services engine | scope: eq | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022839 // NVD: CVE-2022-20962

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20962
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20962
value: LOW

Trust: 1.0

NVD: CVE-2022-20962
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-2097
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20962
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20962
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2022-20962
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022839 // CNNVD: CNNVD-202211-2097 // NVD: CVE-2022-20962 // NVD: CVE-2022-20962

PROBLEMTYPE DATA

problemtype:CWE-37

Trust: 1.0

problemtype:CWE-22

Trust: 1.0

problemtype:Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-405515 // JVNDB: JVNDB-2022-022839 // NVD: CVE-2022-20962

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2097

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202211-2097

PATCH

title: cisco-sa-ise-path-trav-f6M7cs6r | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-f6M7cs6r

Trust: 0.8

title: Cisco Identity Services Engine Enter the fix for the verification error vulnerability | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=213485

Trust: 0.6

sources: JVNDB: JVNDB-2022-022839 // CNNVD: CNNVD-202211-2097

EXTERNAL IDS

db: NVD | id: CVE-2022-20962

Trust: 3.3

db: JVNDB | id: JVNDB-2022-022839

Trust: 0.8

db: CNNVD | id: CNNVD-202211-2097

Trust: 0.6

db: VULHUB | id: VHN-405515

Trust: 0.1

sources: VULHUB: VHN-405515 // JVNDB: JVNDB-2022-022839 // CNNVD: CNNVD-202211-2097 // NVD: CVE-2022-20962

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-path-trav-f6m7cs6r

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20962

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-path-trav-f6m7cs6r

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20962/

Trust: 0.6

sources: VULHUB: VHN-405515 // JVNDB: JVNDB-2022-022839 // CNNVD: CNNVD-202211-2097 // NVD: CVE-2022-20962

SOURCES

db: VULHUB | id: VHN-405515
db: JVNDB | id: JVNDB-2022-022839
db: CNNVD | id: CNNVD-202211-2097
db: NVD | id: CVE-2022-20962

LAST UPDATE DATE

2024-08-14T14:37:11.371000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-405515 | date: 2022-11-08T00:00:00
db: JVNDB | id: JVNDB-2022-022839 | date: 2023-11-21T01:54:00
db: CNNVD | id: CNNVD-202211-2097 | date: 2022-11-09T00:00:00
db: NVD | id: CVE-2022-20962 | date: 2024-01-25T17:15:22.763

SOURCES RELEASE DATE

db: VULHUB | id: VHN-405515 | date: 2022-11-04T00:00:00
db: JVNDB | id: JVNDB-2022-022839 | date: 2023-11-21T00:00:00
db: CNNVD | id: CNNVD-202211-2097 | date: 2022-11-04T00:00:00
db: NVD | id: CVE-2022-20962 | date: 2022-11-04T18:15:11.460