cvelist/2022/20xxx/CVE-2022-20822.json

{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2022-10-19T23:00:00",
        "ID": "CVE-2022-20822",
        "STATE": "PUBLIC",
        "TITLE": "Cisco Identity Services Engine Unauthorized File Access Vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Cisco Identity Services Engine Software ",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "n/a"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Cisco"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "\r A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device.\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. \r Cisco plans to release software updates that address this vulnerability. "
            }
        ]
    },
    "exploit": [
        {
            "lang": "eng",
            "value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerability that is described in this advisory will become available after software fixes are released. Public reports of the vulnerability, including a description and classification without specific technical details, will become available after publication of this advisory. "
        }
    ],
    "impact": {
        "cvss": {
            "baseScore": "7.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N ",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-22"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "20221019 Cisco Identity Services Engine Unauthorized File Access Vulnerability",
                "refsource": "CISCO",
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM"
            }
        ]
    },
    "source": {
        "advisory": "cisco-sa-ise-path-trav-Dz5dpzyM",
        "defect": [
            [
                "CSCwc62415"
            ]
        ],
        "discovery": "INTERNAL"
    }
}
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`{`
			`"CVE_data_meta": {`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			`"ASSIGNER": "psirt@cisco.com",`
			`"DATE_PUBLIC": "2022-10-19T23:00:00",`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`"ID": "CVE-2022-20822",`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			`"STATE": "PUBLIC",`
			`"TITLE": "Cisco Identity Services Engine Unauthorized File Access Vulnerability"`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`},`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Cisco Identity Services Engine Software ",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Cisco"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			"value": "\r A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device.\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. \r Cisco plans to release software updates that address this vulnerability. "
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`}`
			`]`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			`},`
			`"exploit": [`
			`{`
			`"lang": "eng",`
			`"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerability that is described in this advisory will become available after software fixes are released. Public reports of the vulnerability, including a description and classification without specific technical details, will become available after publication of this advisory. "`
			`}`
			`],`
			`"impact": {`
			`"cvss": {`
			`"baseScore": "7.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N ",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-22"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "20221019 Cisco Identity Services Engine Unauthorized File Access Vulnerability",`
			`"refsource": "CISCO",`
			`"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM"`
			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "cisco-sa-ise-path-trav-Dz5dpzyM",`
			`"defect": [`
			`[`
			`"CSCwc62415"`
			`]`
			`],`
			`"discovery": "INTERNAL"`
Revert "November 2021 Patch Tuesday" This reverts commit df296d9e014bf68ef22c0583c98da3fbe42ea316. 2021-11-17 15:47:33 -05:00			`}`
Adding Cisco CVE-2022-20822 2022-10-26 13:55:00 +00:00			`}`