CVE-2023-20272

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information.

Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine podría permitir que un atacante remoto autenticado cargue archivos maliciosos en la raíz web de la aplicación. Esta vulnerabilidad se debe a una validación de entrada de archivos insuficiente. Un atacante podría aprovechar esta vulnerabilidad cargando un archivo malicioso en la interfaz web. Un exploit exitoso podría permitir al atacante reemplazar archivos y obtener acceso a información confidencial del lado del servidor.