// For flags

CVE-2022-20965

 

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface.
This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted.

{{value}} ["%7b%7bvalue%7d%7d"])}]]

Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine podría permitir que un atacante remoto autenticado realice acciones de privilegios dentro de la interfaz de administración basada en web. Esta vulnerabilidad se debe a un control de acceso inadecuado a una función dentro de la interfaz de administración basada en web del sistema afectado. Un atacante podría aprovechar esta vulnerabilidad accediendo a funciones a través de solicitudes directas, evitando las comprobaciones dentro de la aplicación. Un exploit exitoso podría permitir al atacante realizar acciones privilegiadas dentro de la interfaz de administración basada en web que de otro modo deberían estar restringidas. {{valor}} ["%7b%7bvalor%7d%7d"])}]]

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2023-01-18 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-648: Incorrect Use of Privileged APIs
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 < 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version " < 2.6.0"
-
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
-
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch1
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch10
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch11
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch12
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch2
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch3
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch5
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch6
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch7
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch8
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch9
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
-
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch1
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch2
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch3
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch4
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch5
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch6
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch7
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
-
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch1
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch2
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch3
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch4
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch5
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch6
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
-
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch1
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch3
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch4
Affected
Cisco
Search vendor "Cisco"
 Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
 3.2
Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"
-
Affected