{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-17T12:42:41.804","vulnerabilities":[{"cve":{"id":"CVE-2022-20956","sourceIdentifier":"psirt@cisco.com","published":"2022-11-04T18:15:11.217","lastModified":"2024-11-21T06:43:54.703","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files.\r\n\r This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to.\r\n\r Cisco plans to release software updates that address this vulnerability.  \r\n\r  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx\"]\r\n"},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado haga una omisión sobre la autorización y acceda a los archivos del sistema. Esta vulnerabilidad se debe a un control de acceso inadecuado en la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada al dispositivo afectado. Un exploit exitoso podría permitir al atacante enumerar, descargar y eliminar ciertos archivos a los que no debería tener acceso. Cisco planea lanzar actualizaciones de software que aborden esta vulnerabilidad. \nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-648"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*","matchCriteriaId":"C4DB9726-532F-45CE-81FD-45F2F6C7CE51"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*","matchCriteriaId":"2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*","matchCriteriaId":"5D1765DB-1BEF-4CE9-8B86-B91F709600EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*","matchCriteriaId":"3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*","matchCriteriaId":"36722B6C-64A5-4D00-94E1-442878C37A35"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx","source":"psirt@cisco.com"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}