How severe is CVE-2023-20272?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-20272?

This is classified as CWE-424, which is a common weakness in software security.

CVE-2023-20272 - HIGH Severity | CVSS 8.8

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Related Vulnerabilities

CVE-2023-5165

HIGH

CVSS:8.8(High)

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching ...

CWE-4242023

CVE-2025-48828

CRITICAL

CVSS:9.0(Critical)

Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocat...

CWE-4242025

CVE-2023-52952

CRITICAL

CVSS:8.5(High)

A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMe...

CWE-4242023

CVE-2024-58136

CRITICAL

CVSS:9.8(Critical)

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

CWE-4242024

CVE-2019-18996

HIGH

CVSS:7.8(High)

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the loc...

CWE-4242019

CVE-2023-46176

HIGH

CVSS:7.8(High)

IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.

CWE-4242023