CVE-2022-20733 — Vulnetix

CVE-2022-20733 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions.

EPSS 0.52% · 67.1th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.52%

67.1th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco Identity Services Engine Software	n/a
cisco	identity_services_engine	3.1, 3.1

Exploit Intelligence

20220615 Cisco Identity Services Engine Authentication Bypass Vulnerability (circl)

Timeline

Jun 15, 2022 CVE Published
Jun 16, 2022 EPSS Score
Aug 4, 2022 EPSS Score
Sep 21, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 26, 2022 EPSS Score
Feb 12, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 1, 2023 EPSS Score
Jul 6, 2023 EPSS Score
Aug 23, 2023 EPSS Score
Oct 10, 2023 EPSS Score

References

20220615 Cisco Identity Services Engine Authentication Bypass Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-20733 advisory

Open in Interactive Console →