Vulnslist

find the latest Cisco vulnerabilities

Cisco Identity Services Engine Privilege Escalation Vulnerabilities

cisco-sa-ise-priv-esc-KJLp2Aw · Medium · Published · Updated

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform privilege escalation attacks to read or modify arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid Administrator-level privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address one of these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2023-20193, CVE-2023-20194
Cisco Bug IDsCSCwd07348, CSCwd93721
CVSS ScoreBase 6.0
Base 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Base 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Identity Services Engine Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Identity Services Engine Software known_affected cisco_csaf CVE-2023-20193, CVE-2023-20194 2

Related Products

Product CVE Evidence
Cisco Identity Services Engine Software CVE-2023-20194 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2023-20193 Cisco OpenVuln