CVE-2023-20173

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE). These vulnerabilities could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. Additionally, there is an issue with incorrect restriction of XML links to external objects, which could allow a remote attacker to gain unauthorized access to protected information by uploading a specially crafted XML file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.