fkie_cve-2020-3589
Vulnerability from fkie_nvd
Published
2020-10-08 05:15
Modified
2024-11-21 05:31
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-mf5cbYx5Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-mf5cbYx5Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine 2.2.0
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.2.0.470
cisco identity_services_engine 2.3.0
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.3.0.298
cisco identity_services_engine 2.4.0
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.4.0.357
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.6.0.156
cisco identity_services_engine 2.7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0:patch16:*:*:*:*:*:*",
              "matchCriteriaId": "B1EEFEB1-10A2-4959-A2D7-2BE3012BEF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "8114A0B4-F81C-4EB8-AC17-AF4781F6CAB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch10:*:*:*:*:*:*",
              "matchCriteriaId": "70B293D8-207E-43BD-BAA3-E79ED562B52D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch11:*:*:*:*:*:*",
              "matchCriteriaId": "25B5B012-A6FD-4B53-8116-AEA7A932F376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch12:*:*:*:*:*:*",
              "matchCriteriaId": "8260B1A1-3D16-46DA-90EC-42A546CE564F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch13:*:*:*:*:*:*",
              "matchCriteriaId": "70C00EEF-C119-41B5-8140-77BEEF639CA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch14:*:*:*:*:*:*",
              "matchCriteriaId": "423BD5AD-C8E1-47DC-BF61-D285B29442BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch15:*:*:*:*:*:*",
              "matchCriteriaId": "F88D615F-F9EE-4282-A476-85B5B2078F78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch16:*:*:*:*:*:*",
              "matchCriteriaId": "732FDC75-C3C5-4FD0-93B7-1A3CE4DEA507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "BF38434A-060E-42C2-A622-8E1ED51CAC7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "81300E10-0BDD-490D-BBE9-CA75803426C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "3BC7044A-6FB4-457F-808F-FA1F8B85469A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "4C0BE493-4EE9-404E-B7BA-3525CA7AE9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "7EFC7A75-B2FA-4F36-91A0-E32B5D7ECD93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "8A7009F6-4418-4CAD-B489-DC104CDC050C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch8:*:*:*:*:*:*",
              "matchCriteriaId": "88970AD1-07E3-4A67-A20F-AB0FE13E1B2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.2.0.470:patch9:*:*:*:*:*:*",
              "matchCriteriaId": "7605EBFC-6810-46A9-960D-816412E6DD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "1F4F2F0A-6525-4C41-B67F-989BD67AF376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:-:*:*:*:*:*:*",
              "matchCriteriaId": "2C9676EF-DDF4-46E3-A8B4-9AD51881E4DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "4EE51B0E-75A2-4BCF-848C-0EEEDFE3C41A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "60A8BF35-41D2-4985-B5CB-721FF433B7CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "B633B472-923C-4527-9D2C-F1971FDAB314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "F6A45D74-4CD6-4941-AB15-3DB3BAFF1467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "A8E90D56-22D4-433F-9325-D6C7F544E034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "C07A60F0-BE4D-41F1-B433-433B3883AA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.3.0.298:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "314F6A42-D983-4FC1-8793-81011992B7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0:patch12:*:*:*:*:*:*",
              "matchCriteriaId": "E5D220CF-8178-4F26-B1C3-175A10EBD65B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:-:*:*:*:*:*:*",
              "matchCriteriaId": "ED00A491-8BEA-4A21-B2CA-6E17183563E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B2E49C7A-802D-4807-AF48-94112B821ABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch10:*:*:*:*:*:*",
              "matchCriteriaId": "87B967FC-3CAA-4DD0-A936-16F9F1EA5E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "1A2E55FE-562A-45F9-9859-33CF0FE31F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "CAF04BC3-18CC-4C02-AEDC-82785B5EEC5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "5435128C-88C9-4C29-908A-F9765A79B73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "311241C1-8E29-4A80-8559-39D120A37A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "A9C80434-077A-4B9B-9EA6-8B44A7B86557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "058977FE-0FBF-4C66-B961-0698A127EF2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch8:*:*:*:*:*:*",
              "matchCriteriaId": "F0341C1F-6F30-4CAC-8D31-58359067DD5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.4.0.357:patch9:*:*:*:*:*:*",
              "matchCriteriaId": "9BE8D28E-1F21-4C90-8A7A-C237B2F4C2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "8B45856E-6BE4-40A7-AE2F-4F9DC9315875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "1F6D1780-3306-4481-A3CD-8F7732D955CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "07BF9702-0607-49A1-A82A-E4ADF1A4135F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "1B4B88F0-3229-4B07-9308-C37C794595A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "E02F0E61-FBFF-4C6D-9132-E266FF67802B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "541EC483-540A-4080-AA69-82A0F30EE3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B0B59AE5-F1C6-40A4-B912-00A8CAF67D3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "220D24D8-D454-4173-A78C-F9EF4B1864E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "2AA62908-125C-4696-88F0-CDBED70DD2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "59306404-2D46-4E2B-9609-4DCB69D612DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "3EE5A0AB-8BD4-436E-B2C5-818081444B95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0.156:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "0B29D933-1505-45E3-B5A2-8955F1D9E397",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Identity Services Engine (ISE) Software, podr\u00eda permitir a un atacante remoto autenticado con credenciales administrativas conducir un ataque de tipo cross-site scripting (XSS) contra un usuario de la interfaz.\u0026#xa0;La vulnerabilidad se presenta porque la interfaz de administraci\u00f3n basada en web no comprueba apropiadamente la entrada suministrada por el usuario.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad al inyectar c\u00f3digo malicioso en p\u00e1ginas espec\u00edficas de la interfaz.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar un c\u00f3digo script arbitrario en el contexto de la interfaz o acceder a informaci\u00f3n confidencial basada en navegador.\u0026#xa0;Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales administrativas v\u00e1lidas"
    }
  ],
  "id": "CVE-2020-3589",
  "lastModified": "2024-11-21T05:31:22.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-08T05:15:15.477",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-mf5cbYx5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxs-mf5cbYx5"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.