Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.
History

Fri, 25 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-05-18T00:00:00

Updated: 2024-10-25T15:58:11.933Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20077

cve-icon Vulnrichment

Updated: 2024-08-02T08:57:35.817Z

cve-icon NVD

Status : Modified

Published: 2023-05-18T03:15:09.667

Modified: 2024-11-21T07:40:29.950

Link: CVE-2023-20077

cve-icon Redhat

No data.