Vulnerabilities > CVE-2018-15425 - Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine

047910
CVSS 4.7 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
LOW
network
low complexity
cisco
CWE-502

Summary

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

Common Weakness Enumeration (CWE)