A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
24 Jul 2023, 13:30
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
24 Jun 2022, 19:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 9.8 |
CPE | cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:* |
|
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-SAML-nuukMPf9 - Vendor Advisory |
15 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-15 18:15
Updated : 2024-11-21 06:43
NVD link : CVE-2022-20733
Mitre link : CVE-2022-20733
CVE.ORG link : CVE-2022-20733
JSON object : View
Products Affected
cisco
- identity_services_engine
CWE