8.8
CVE-2023-20272
- EPSS 0.3%
- Published 21.11.2023 19:15:08
- Last modified 21.11.2024 07:41:02
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Identity Services Engine Version3.0.0 Update-
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch1
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch2
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch3
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch4
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch5
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch6
Cisco ≫ Identity Services Engine Version3.0.0 Updatepatch7
Cisco ≫ Identity Services Engine Version3.1 Update-
Cisco ≫ Identity Services Engine Version3.1 Updatepatch1
Cisco ≫ Identity Services Engine Version3.1 Updatepatch2
Cisco ≫ Identity Services Engine Version3.1 Updatepatch3
Cisco ≫ Identity Services Engine Version3.1 Updatepatch4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.507 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@cisco.com | 6.7 | 1.2 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
|
CWE-424 Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.