PT-2022-5727 · Cisco · Cisco Identity Services Engine

Davide Virruso · Published 2022-11-16 · Updated 2024-01-25 · CVE-2022-20964

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (affected versions not specified)

Description

The issue stems from improper validation of user input in requests to the web-based management interface, which allows an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This could enable the attacker to execute arbitrary operating system commands with the privileges of the web services user.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2022-07125
CVE-2022-20964

Affected Products

Cisco Identity Services Engine