First published: Thu May 18 2023(Updated: )
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Identity Services Engine | =3.1 | |
Cisco Identity Services Engine | =3.1-patch1 | |
Cisco Identity Services Engine | =3.1-patch3 | |
Cisco Identity Services Engine | =3.1-patch4 | |
Cisco Identity Services Engine | =3.1-patch5 | |
Cisco Identity Services Engine | =3.2 | |
Cisco Identity Services Engine | =3.2-patch1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-20171 is a vulnerability in Cisco Identity Services Engine (ISE) that could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system.
CVE-2023-20171 has a severity rating of 6.5 out of 10, which is considered medium.
To exploit CVE-2023-20171, an attacker must have valid credentials on an affected device.
CVE-2023-20171 affects Cisco Identity Services Engine versions 3.1, 3.2, and their respective patches.
More information about CVE-2023-20171 can be found in the Cisco Security Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-delete-read-PK5ghDDd