A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-11-03T18:45:44.243Z

Updated: 2024-08-03T02:31:58.679Z

Reserved: 2021-11-02T13:28:29.197Z

Link: CVE-2022-20961

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-04T18:15:11.403

Modified: 2024-11-21T06:43:55.460

Link: CVE-2022-20961

cve-icon Redhat

No data.