Security readout for executives and security teams
Plain-English summary
Cisco ISE could let a logged-in read-only administrator change parts of device configuration through the web management interface. That matters because ISE controls network access decisions, so misconfiguration could admit unauthorized devices or block legitimate users. The bundle does not identify active exploitation.
Executive priority
Prioritize remediation for internet-reachable or broadly accessible ISE management interfaces. Business impact can include unauthorized network access or denial of access for legitimate devices, but exploitation requires valid read-only admin credentials.
Technical view
CVE-2020-3467 is an RBAC enforcement flaw in Cisco Identity Services Engine Software’s web-based management interface. An authenticated remote attacker with valid Read-Only Administrator credentials could send a crafted HTTP request and modify parts of configuration. The CVSS v3.0 score is 7.7 high.
Likely exposure
Exposure is limited to Cisco ISE deployments where attackers can reach the web management interface and obtain valid Read-Only Administrator credentials. The source bundle does not include affected version details.
Exploitation context
The vulnerability requires authentication, low privileges, network access, and no user interaction. Sources do not state public exploitation, and the CVE is not marked KEV in the provided bundle.
Researcher notes
The evidence supports improper RBAC enforcement in the Cisco ISE web UI, mapped to CWE-863. Version and fixed-release details are not present in the source bundle, so researchers should use Cisco’s advisory before concluding exposure.
Mitigation direction
- Review Cisco’s advisory for affected releases and fixed software guidance.
- Inventory Cisco ISE Software deployments and confirm version exposure.
- Restrict Read-Only Administrator accounts to users with operational need.
- Monitor configuration changes performed by low-privileged administrator accounts.
- Restrict web management access through existing administrative access controls.
Validation and detection
- Confirm whether Cisco ISE Software is deployed in the environment.
- Check Cisco’s advisory against installed ISE versions.
- Review Read-Only Administrator accounts and recent credential use.
- Audit ISE configuration changes for unexpected modifications.
- Verify management interface access is limited to authorized networks.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-863: Authorization and privilege behavior lookup
Authorization weaknesses can support privilege escalation and valid-account review, depending on exploit path. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupPrivilege behavior lookup
The CVE wording references privilege impact, so privilege escalation and authorization behavior review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2020-3467 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.7 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H3.14Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
7.7HighVector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Source materials
- CVE List V5 sourceCVE List V5
- 20201007 Cisco Identity Services Engine Authorization Bypass VulnerabilityCVE reference · vendor-advisory, x_refsource_CISCO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
