What is CVE-2022-20962?

CVE-2022-20962 is a low-severity vulnerability in Cisco Identity Services Engine Software, classified under CWE-37. CVSS score: 3.8/10. Published 2022-11-03.

How severe is CVE-2022-20962?

Low severity. CVSS v3 base score is 3.8 out of 10.

Vulnerability in Cisco Identity Services Engine Software

CVE-2022-20962

A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due t…

EPSS: 0.002 (39.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.8 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N.

Affected products

Cisco Identity Services Engine Software — versions 3.1.0, 3.1.0 p1, 3.1.0 p3

Weakness classification (CWE)

CWE-37

References

cisco-sa-ise-path-trav-f6M7cs6r

Frequently asked questions

What is CVE-2022-20962?: CVE-2022-20962 is a low-severity vulnerability in Cisco Identity Services Engine Software, classified under CWE-37. CVSS score: 3.8/10. Published 2022-11-03.
How severe is CVE-2022-20962?: Low severity. CVSS v3 base score is 3.8 out of 10.