// For flags

CVE-2022-20967

 

Severity Score

5.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.
This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.
Cisco has not yet released software updates that address this vulnerability.

Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine podría permitir que un atacante remoto autenticado realice ataques de cross-site scripting contra otros usuarios de la interfaz de administración basada en web de la aplicación. Esta vulnerabilidad se debe a una validación inadecuada de la entrada a una función de la aplicación antes del almacenamiento dentro de la interfaz de administración basada en web. Un atacante podría aprovechar esta vulnerabilidad creando entradas dentro de la interfaz de la aplicación que contengan código HTML o script malicioso. Un exploit exitoso podría permitir al atacante almacenar código HTML o script malicioso dentro de la interfaz de la aplicación para usarlo en futuros ataques de cross-site scripting. Cisco aún no ha publicado actualizaciones de software que aborden esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2023-01-18 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-08-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
< 2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version " < 2.6.0"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch1
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch10
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch11
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch12
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch2
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch3
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch5
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch6
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch7
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch8
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.6.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0"
patch9
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch1
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch2
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch3
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch4
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch5
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch6
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
2.7.0
Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0"
patch7
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch1
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch2
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch3
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch4
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch5
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.0.0
Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"
patch6
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
-
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch1
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch3
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.1
Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"
patch4
Affected
Cisco
Search vendor "Cisco"
Identity Services Engine
Search vendor "Cisco" for product "Identity Services Engine"
3.2
Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"
-
Affected