CVE-2023-20171 | THREATINT

Description

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

PUBLISHED Reserved 2022-10-27 | Published 2023-05-18 | Updated 2024-10-25 | Assigner cisco

MEDIUM: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-602

Product status

Any version

affected

References

sec.cloudapps.cisco.com/...-sa-ise-file-delete-read-PK5ghDDd (20230517 Cisco Identity Services Engine Arbitrary File Delete and File Read Vulnerabilities) vendor-advisory

cve.org (CVE-2023-20171)

nvd.nist.gov (CVE-2023-20171)

Download JSON