CVE-2023-20085
published 2023-03-01CVE-2023-20085: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_identity_services_engine_software | — | — |
| cisco | identity_services_engine | — | — |
| cisco | identity_services_engine_stored | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck6.1MEDIUM