CVE-2022-20962

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description A vulnerability in the Localdisk Management feature could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This issue is due to insufficient input validation, allowing an attacker to exploit it by sending a crafted HTTP request with absolute path sequences. A successful exploit could allow the attacker to upload malicious files to arbitrary locations within the file system, potentially accessing the underlying operating system and executing commands with system privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.