First published: Thu May 18 2023
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Identity Services Engine | <3.1 | |
Cisco Identity Services Engine | =3.1 | |
Cisco Identity Services Engine | =3.1-patch1 | |
Cisco Identity Services Engine | =3.1-patch3 | |
Cisco Identity Services Engine | =3.1-patch4 | |
Cisco Identity Services Engine | =3.1-patch5 | |
Cisco Identity Services Engine | =3.1-patch6 | |
Cisco Identity Services Engine | =3.2 | |
Cisco Identity Services Engine | =3.2-patch1 | |
The severity of CVE-2023-20167 is medium.
The affected software versions of CVE-2023-20167 are Cisco Identity Services Engine 3.1 up to and including 3.1-patch6, and Cisco Identity Services Engine 3.2 up to and including 3.2-patch1.
An authenticated attacker can perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files.
Exploiting CVE-2023-20167 requires valid Administrator credentials on the affected device; with them, an attacker can perform the path traversal attacks.
The Common Vulnerabilities and Exposures (CVE) ID for this vulnerability is CVE-2023-20167.