vulnerability

Cisco ISE: CVE-2022-20966: Cisco Identity Services Engine Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	Nov 16, 2022	Oct 21, 2025	Oct 21, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

Nov 16, 2022

Added

Oct 21, 2025

Modified

Oct 21, 2025

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface.

This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks.

Cisco has not yet released software updates that address this vulnerability.

Solution

cisco-ise-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today