ID

VAR-202211-0485


CVE

CVE-2022-20956


TITLE

Cisco Systems  Cisco Identity Services Engine (ISE)  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"] . (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-20956 // JVNDB: JVNDB-2022-022848 // VULHUB: VHN-405509

AFFECTED PRODUCTS

vendor:ciscomodel:identity services enginescope:eqversion:3.2

Trust: 1.0

vendor:ciscomodel:identity services enginescope:eqversion:3.1

Trust: 1.0

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion:3.2

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion:3.1

Trust: 0.8

vendor:シスコシステムズmodel:cisco identity services enginescope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // NVD: CVE-2022-20956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20956
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20956
value: HIGH

Trust: 1.0

NVD: CVE-2022-20956
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202211-2101
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-20956
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20956
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2022-20956
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956 // NVD: CVE-2022-20956

PROBLEMTYPE DATA

problemtype:CWE-648

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-022848 // NVD: CVE-2022-20956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2101

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2101

PATCH

title:cisco-sa-ise-access-contol-EeufSUCxurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx

Trust: 0.8

title:Cisco Identity Services Engine Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=213487

Trust: 0.6

sources: JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101

EXTERNAL IDS

db:NVDid:CVE-2022-20956

Trust: 3.3

db:JVNDBid:JVNDB-2022-022848

Trust: 0.8

db:CNNVDid:CNNVD-202211-2101

Trust: 0.6

db:VULHUBid:VHN-405509

Trust: 0.1

sources: VULHUB: VHN-405509 // JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-access-contol-eeufsucx

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-20956

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-access-contol-eeufsucx

Trust: 0.7

url:https://cxsecurity.com/cveshow/cve-2022-20956/

Trust: 0.6

sources: VULHUB: VHN-405509 // JVNDB: JVNDB-2022-022848 // CNNVD: CNNVD-202211-2101 // NVD: CVE-2022-20956

SOURCES

db:VULHUBid:VHN-405509
db:JVNDBid:JVNDB-2022-022848
db:CNNVDid:CNNVD-202211-2101
db:NVDid:CVE-2022-20956

LAST UPDATE DATE

2024-08-14T13:52:55.522000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-405509date:2022-11-08T00:00:00
db:JVNDBid:JVNDB-2022-022848date:2023-11-21T02:24:00
db:CNNVDid:CNNVD-202211-2101date:2022-11-09T00:00:00
db:NVDid:CVE-2022-20956date:2024-01-25T17:15:22.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-405509date:2022-11-04T00:00:00
db:JVNDBid:JVNDB-2022-022848date:2023-11-21T00:00:00
db:CNNVDid:CNNVD-202211-2101date:2022-11-04T00:00:00
db:NVDid:CVE-2022-20956date:2022-11-04T18:15:11.217