CVE-2022-20967
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.
This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.
Cisco has not yet released software updates that address this vulnerability.
Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine podría permitir que un atacante remoto autenticado realice ataques de cross-site scripting contra otros usuarios de la interfaz de administración basada en web de la aplicación. Esta vulnerabilidad se debe a una validación inadecuada de la entrada a una función de la aplicación antes del almacenamiento dentro de la interfaz de administración basada en web. Un atacante podría aprovechar esta vulnerabilidad creando entradas dentro de la interfaz de la aplicación que contengan código HTML o script malicioso. Un exploit exitoso podría permitir al atacante almacenar código HTML o script malicioso dentro de la interfaz de la aplicación para usarlo en futuros ataques de cross-site scripting. Cisco aún no ha publicado actualizaciones de software que aborden esta vulnerabilidad.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2023-01-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | < 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version " < 2.6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch10 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch11 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch12 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch5 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch6 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch7 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch8 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.6.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.6.0" | patch9 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch4 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch5 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch6 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 2.7.0 Search vendor "Cisco" for product "Identity Services Engine" and version "2.7.0" | patch7 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch2 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch4 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch5 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0" | patch6 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1" | patch1 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1" | patch3 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1" | patch4 |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine" | 3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2" | - |
Affected
| ||||||