CVE-2023-20195

Name of the Vulnerable Software and Affected Versions Cisco ISE (affected versions not specified)

Description The issue is related to improper validation of files uploaded to the web-based management interface, allowing an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this, an attacker must have valid Administrator credentials on the affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device, potentially leading to additional attacks, including executing arbitrary code on the affected device with root privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.