CVE-2020-3467

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) is due to improper enforcement of role-based access control (RBAC) within the interface. This could allow an authenticated, remote attacker to modify parts of the configuration on an affected device by sending a crafted HTTP request. A successful exploit could allow the attacker to modify the configuration, potentially allowing unauthorized devices onto the network or preventing authorized devices from accessing the network. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.