ID

VAR-202211-1027


CVE

CVE-2022-20965


TITLE

Vulnerability in Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileged actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. Cisco Identity Services Engine contains an unspecified vulnerability. Information may be obtained and information may be tampered with. For more information about these vulnerabilities, see the Details section of this advisory. Cisco plans to release software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx

Trust: 1.8

sources: NVD: CVE-2022-20965 // JVNDB: JVNDB-2022-006004 // VULHUB: VHN-405518 // VULMON: CVE-2022-20965

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: lt, version: 2.6.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.2

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.0.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.7.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 2.6.0

Trust: 1.0

vendor: cisco, model: identity services engine, scope: eq, version: 3.1

Trust: 1.0

vendor: Cisco Systems, model: cisco identity services engine, scope: eq, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco identity services engine, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // NVD: CVE-2022-20965

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20965
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20965
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20965
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202211-2954
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-20965
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20965
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20965
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // CNNVD: CNNVD-202211-2954 // NVD: CVE-2022-20965 // NVD: CVE-2022-20965

PROBLEMTYPE DATA

problemtype:CWE-648

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-006004 // NVD: CVE-2022-20965

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202211-2954

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202211-2954

PATCH

title: cisco-sa-ise-7Q4TNYUx, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx

Trust: 0.8

title: Cisco Identity Services Engine Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=214327

Trust: 0.6

title: Cisco: Cisco Identity Services Engine Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ise-7Q4TNYUx

Trust: 0.1

sources: VULMON: CVE-2022-20965 // JVNDB: JVNDB-2022-006004 // CNNVD: CNNVD-202211-2954

EXTERNAL IDS

db: NVD, id: CVE-2022-20965

Trust: 3.4

db: JVNDB, id: JVNDB-2022-006004

Trust: 0.8

db: AUSCERT, id: ESB-2022.5984.4

Trust: 0.6

db: AUSCERT, id: ESB-2022.5984.2

Trust: 0.6

db: CNNVD, id: CNNVD-202211-2954

Trust: 0.6

db: VULHUB, id: VHN-405518

Trust: 0.1

db: VULMON, id: CVE-2022-20965

Trust: 0.1

sources: VULHUB: VHN-405518 // VULMON: CVE-2022-20965 // JVNDB: JVNDB-2022-006004 // CNNVD: CNNVD-202211-2954 // NVD: CVE-2022-20965

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-7q4tnyux

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-20965

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ise-7q4tnyux

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.5984.2

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20965/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5984.4

Trust: 0.6

sources: VULHUB: VHN-405518 // VULMON: CVE-2022-20965 // JVNDB: JVNDB-2022-006004 // CNNVD: CNNVD-202211-2954 // NVD: CVE-2022-20965

SOURCES

db: VULHUB, id: VHN-405518
db: VULMON, id: CVE-2022-20965
db: JVNDB, id: JVNDB-2022-006004
db: CNNVD, id: CNNVD-202211-2954
db: NVD, id: CVE-2022-20965

LAST UPDATE DATE

2024-08-14T13:21:31.001000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405518, date: 2023-01-26T00:00:00
db: JVNDB, id: JVNDB-2022-006004, date: 2023-06-23T08:18:00
db: CNNVD, id: CNNVD-202211-2954, date: 2023-01-28T00:00:00
db: NVD, id: CVE-2022-20965, date: 2024-01-25T17:15:23.133

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405518, date: 2023-01-20T00:00:00
db: JVNDB, id: JVNDB-2022-006004, date: 2023-06-23T00:00:00
db: CNNVD, id: CNNVD-202211-2954, date: 2022-11-16T00:00:00
db: NVD, id: CVE-2022-20965, date: 2023-01-20T07:15:11.083