CVE-2023-20194

Severity Score

4.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings.

Una vulnerabilidad en la API ERS de Cisco ISE podría permitir a un atacante remoto autenticado leer archivos arbitrarios en el sistema operativo subyacente de un dispositivo afectado. Para explotar esta vulnerabilidad, un atacante debe tener privilegios válidos a nivel de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una gestión inadecuada de privilegios en la API ERS. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud manipulada a un dispositivo afectado. Un exploit exitoso podría permitir al atacante elevar sus privilegios más allá de la esfera de su nivel de acceso previsto, lo que le permitiría obtener información sensible del sistema operativo subyacente. Nota: El ERS no está habilitado por defecto. Para verificar el estado de la API ERS en la GUI Admin, seleccione Administración - Configuración - Configuración de API - Configuración del servicio de la API.

*Credits: N/A

CVSS Scores

NISTv3.1 4.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-10-27 CVE Reserved
2023-09-07 CVE Published
2024-08-02 CVE Updated
2024-09-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-268: Privilege Chaining
CWE-269: Improper Privilege Management

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				<= 2.7 Search vendor "Cisco" for product "Identity Services Engine" and version " <= 2.7"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch1		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch2		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch3		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch4		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch5		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch6		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.0.0 Search vendor "Cisco" for product "Identity Services Engine" and version "3.0.0"		patch7		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch1		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch3		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch4		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch5		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch6		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.1 Search vendor "Cisco" for product "Identity Services Engine" and version "3.1"		patch7		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		-		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		patch1		Affected
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				3.2 Search vendor "Cisco" for product "Identity Services Engine" and version "3.2"		patch2		Affected