CVE-2023-20077Path Traversal: '/absolute/pathname/here' in Cisco Identity Services Engine

CWE-37Path Traversal: '/absolute/pathname/here'CWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUMNVD
CNA4.9
EPSS
0.1%
top 74.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Identity Services EngineCisco Identity Services Engine Software
Timeline
PublishedMay 18

Description

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Cisco Identity Services Engine Arbitrary File Download Vulnerabilities2023-05-18
GHSA
GHSA-mhf4-w9w2-rg8w: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker t2023-05-18

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Arbitrary File Download Vulnerabilities2023-05-17
CVE-2023-20077 — Cisco vulnerability | cvebase