CVE-2022-20937
https://notcve.org/view.php?id=CVE-2022-20937
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking actions that cause Cisco ISE Software to receive specific RADIUS traffic. A successful and sustained exploit of this vulnerability could allow the attacker to cause reduced performance of the affected device, resulting in significant delays to RADIUS authentications. There are workarounds that address this vulnerability.
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-sec-atk-dos-zw5RCUYp
• CWE-400: Uncontrolled Resource Consumption
• CWE-410: Insufficient Resource Pool
CVE-2022-20961
https://notcve.org/view.php?id=CVE-2022-20961
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-vgNtTpAs
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-20959 – Cisco Identity Services Engine Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-20959
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M
• https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-cross-site-scripting
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-20914 – Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-20914
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to obtain sensitive information, including administrative credentials for an external authentication server. Note: To successfully exploit this vulnerability, the attacker must have valid ERS administrative credentials.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pwd-WH64AhQF
• CWE-522: Insufficiently Protected Credentials
• CWE-549: Missing Password Field Masking
CVE-2022-20756 – Cisco Identity Services Engine RADIUS Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-20756
A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-dos-JLh9TxBp
• CWE-399: Resource Management Errors