A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2022-11-03T18:45:44.243Z
Updated: 2024-08-03T02:31:58.679Z
Reserved: 2021-11-02T13:28:29.197Z
Link: CVE-2022-20961
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-04T18:15:11.403
Modified: 2024-11-21T06:43:55.460
Link: CVE-2022-20961
Redhat
No data.