CVE-2020-27122Incorrect Privilege Assignment in Cisco Identity Services Engine

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 85.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedNov 6
Latest updateMay 24

Description

A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful exploi

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-6p6p-v55h-88vc: A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to2022-05-24
CVEList
Cisco Identity Services Engine Privilege Escalation Vulnerability2020-11-06

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Privilege Escalation Vulnerability2020-11-04
CVE-2020-27122 — Incorrect Privilege Assignment | cvebase