Cisco Users Alerted of Vulnerabilities in Identity Services Engine


A researcher discovered two vulnerabilities in Cisco’s Identity Services Engine product, the most severe of which was disclosed to Cisco’s customers.

Identity Services Engine’s web-based management interface has an unauthorized file access flaw, according to Davide Virruso of Yoroi, which enables a remote, authenticated attacker to read and delete files on impacted devices. The problem is catalogued under CVE-2022-20822. However, Cisco has warned customers that hot patches might be available upon request.

Cisco is working on software updates that should close the security hole; updates are anticipated to become available in November 2022 and January 2023.

Read More: Cisco Users Informed of Vulnerabilities in Identity Services Engine

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.