Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability
Vulnerability Description
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
Cisco ISE 授权问题漏洞
Vulnerability Description
Cisco ISE是美国思科(Cisco)公司的一个 NAC 解决方案。用于管理零信任架构中的端点、用户和设备对网络资源的访问。 Cisco ISE存在授权问题漏洞,该漏洞源于API授权不足和数据验证不当,从而允许攻击者获取敏感信息或修改配置。
CVSS Information
N/A
Vulnerability Type
N/A