CVE Advisory- 전체 공개 Cisco ISE 다중 취약성 -1- 클릭이있는 RCE 관련 IOC 38개 발견
초기에는 세 가지 취약점이 발견되었습니다. CVE-2022-20964-명령 주입-CWE-78, CVE-2022-20965-명령 주입-CWE-78, CVE-2022-20966-명령 주입-CWE-78, CVE-2022-20967-명령 주입-CWE-78이며, Cisco Identity Services Engine 2.7부터 3.2까지의 버전에 영향을 미치는 취약점입니다. NIST 등급은 8.8, OWASP 카테고리는 A03- 주입, WSTG-INPV-12이며, 승인된 엔드 포인트들이 영향을 받습니다.
Yoroi
CVE Advisory - Full Disclosure Cisco ISE Multiple Vulnerabilities - RCE with 1-Click
In the early days, three vulnerabilities were found.CVE-2022-20964-Injected command-CWE-78, CVE-20122-20965-Injection-CWE-78, CVE-20122-20966-command-CWE-78, CVE-2022-20967-command-CWE-It is 78 and is a vulnerability that affects versions from Cisco Identity Services Engine 2.7 to 3.2.The NIST rating is 8.8, the OWASP category is A03-injected, WSTG-INPV-12, and the approved endpoints are affected.
https://yoroi.company/en/research/cve-advisory-full-disclosure-cisco-ise-multiple-vulnerabilities-rce-with-1-click/