vulnerability

Cisco ISE: CVE-2023-20272: Cisco Identity Services Engine Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:P)	Nov 15, 2023	Oct 21, 2025	Oct 21, 2025

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:P)

Published

Nov 15, 2023

Added

Oct 21, 2025

Modified

Oct 21, 2025

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Solution

cisco-ise-upgrade-latest

References

CVE-2023-20272
https://attackerkb.com/topics/CVE-2023-20272
URL-https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR
CISCO-cisco-sa-ise-mult-j-KxpNynR
CWE-424

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today