Vulnerability in Cisco Identity Services Engine Software
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administ…
EPSS: 0.001 (23.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Cisco Identity Services Engine Software — versions 2.6.0, 2.6.0 p1, 2.6.0 p2
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2023-20194?
- CVE-2023-20194 is a medium-severity vulnerability in Cisco Identity Services Engine Software, classified under Privilege Chaining. CVSS score: 4.9/10. Published 2023-09-07.
- How severe is CVE-2023-20194?
- Medium severity. CVSS v3 base score is 4.9 out of 10.