CVE Advisory- 전체 곡개 Cisco ISE Path Traversal

πŸ’Œ λ³΄μ•ˆ μ†Œμ‹
1

CVE Advisory- 전체 곡개 Cisco ISE Path Traversal

Yoroi Advisory Team은 2022λ…„ 7μ›”, Cisco Identity Services Engine(Ver. 3.1.0.518-Patch3-22042809)λ₯Ό λΆ„μ„ν•˜κΈ° μ‹œμž‘ν–ˆμœΌλ©°, λˆ„κ°€ λ„€νŠΈμ›Œν¬μ— μ•‘μ„ΈμŠ€ν•  수 μžˆλŠ”μ§€, μ–Έμ œ μ•‘μ„ΈμŠ€ν•  수 μžˆλŠ”μ§€ 등을 μ •ν™•ν•˜κ²Œ μ œμ–΄ν•˜λŠ” λ„€νŠΈμ›Œν¬ 관리 λ„κ΅¬λ‘œ, μ†Œν”„νŠΈμ›¨μ–΄ μ •μ˜ μ•‘μ„ΈμŠ€λ₯Ό 보μž₯ν•˜κ³  λ„€νŠΈμ›Œν¬ μ„ΈλΆ„ν™”λ₯Ό μžλ™ν™”ν•©λ‹ˆλ‹€. CVE-2022-20822-경둜 이동-CWE 22κ³Ό 같은 취약점이 λ°œκ²¬λ˜μ—ˆκ³ , μ μˆ˜λŠ” 7.1이며 영ν–₯은 λ†’λ‹€.

CVE Advisory - Full Disclosure Cisco ISE Path Traversal

Yoroi Advisory Team began to analyze Cisco Identity Services Engine (Ver. 3.1.0.518-Patch3-22042809) in July 2022, and network management that accurately controls who can access the network or when accessing the network and when accessing the network.As a tool, it ensures software definition access and automates network segmentation.A vulnerability such as CVE-2022-20822-Path-CWE 22 has been found, with a score of 7.1 and a high impact.

https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-path-traversal/