How severe is CVE-2022-20956?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2022-20956?

This is classified as CWE-648, which is a common weakness in software security.

CVE-2022-20956 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"]

Related Vulnerabilities

CVE-2023-28062

HIGH

CVSS:8.8(High)

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to b...

CWE-6482023

CVE-2024-37018

CRITICAL

CVSS:9.1(Critical)

The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets.

CWE-6482024

CVE-2022-24821

HIGH

CVSS:8.1(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Progr...

CWE-6482022

CVE-2022-4687

HIGH

CVSS:8.1(High)

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.

CWE-6482022

CVE-2022-4796

HIGH

CVSS:8.1(High)

Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1.

CWE-6482022

CVE-2019-1010178

CRITICAL

CVSS:9.8(Critical)

Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The at...

CWE-6482019