Cisco Security Updates for Identity Services Engine - 20221123002

Overview

Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE).

What is the vulnerability ?

A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files.

What is vulnerable ?

CVE-2022-20959 - Cisco Identity Service Engine Cross-Site Scripting Vulnerability

CVE-2022-20964 - Cisco Identity Service Engine Vulnerabilities\ CVE-2022-20965

CVE-2022-20956 - Cisco Identity Services Engine Insufficient Access Control Vulnerability

CVE-2022-20867 - Cisco Email Security Appliance, Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance Next Generation Management Vulnerabilities\ CVE-2022-20868

What has been observed ?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

WA SOC encourages users and administrators to review the security advisory for the above mentioned Cisco Security Updates for Identity Services Engine.

Reference

• Cisco Security Advisories https://tools.cisco.com/security/center/publicationListing.x