November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2022-45047 – Apache MINA SSHD Vulnerability
November 17, 2022Rewterz Threat Advisory – Multiple Mozilla Firefox and Firefox ESR Vulnerabilities
November 17, 2022Rewterz Threat Advisory – CVE-2022-45047 – Apache MINA SSHD Vulnerability
November 17, 2022Rewterz Threat Advisory – Multiple Mozilla Firefox and Firefox ESR Vulnerabilities
November 17, 2022
Severity
Medium
Analysis Summary
CVE-2022-20967 CVSS:4.8
Cisco Identity Services Engine is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by an application feature before storage within the External RADIUS Server feature of the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20966 CVSS:5.4
Cisco Identity Services Engine is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface tcpdump feature. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2022-20964 CVSS:6.3
Cisco Identity Services Engine could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user input within requests as part of the web-based management interface tcpdump feature. By manipulating requests to the web-based management interface to contain operating system commands, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system with root privileges.
CVE-2022-20965 CVSS:4.3
Cisco Identity Services Engine could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control in the web-based management interface. By sending a direct request, an attacker could exploit this vulnerability to take privileged actions within the web-based management interface that should be otherwise restricted.
Impact
- Cross-Site Scripting
- Command Execution
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-20967
- CVE-2022-20966
- CVE-2022-20964
- CVE-2022-20965
Affected Vendors
Cisco
Affected Products
- Cisco Identity Services Engine
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.