CVE-2023-20174

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description The issue is related to the web-based management interface of Cisco Identity Services Engine (ISE) and involves multiple vulnerabilities. These vulnerabilities could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. The vulnerabilities are associated with incorrect restriction of XML links to external objects, which may enable an attacker to upload a specially crafted XML file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.