Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform privilege escalation attacks to read or modify arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid Administrator-level privileges on the affected device.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address one of these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw
Security Impact Rating: Medium
CVE: CVE-2023-20193,CVE-2023-20194
Source:: Cisco Security Advisories