Vulnerabilities > CVE-2018-15425 - Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

cisco

CWE-502

NVD

Published: 2018-10-05

Updated: 2020-09-16

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Identity Services Engine 2.1\(0.474\) Cisco Identity Services Engine 2.1\(0.907\) Cisco Identity Services Engine 2.2\(0.470\) Cisco Identity Services Engine 2.2\(0.909\) Cisco Identity Services Engine 2.3\(0.298\) Cisco Identity Services Engine 2.3\(0.905\) Cisco Identity Services Engine 2.4\(0.357\) Cisco Identity Services Engine 2.4\(0.904\)	8

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References