Vulnerabilities > Cisco > Identity Services Engine Software > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-01-15 CVE-2015-6323 Unauthorized Access vulnerability in Cisco Identity Services Engine Software
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
network
low complexity
cisco
critical
 10.0
10
2013-10-25 CVE-2013-5530 OS Command Injection vulnerability in Cisco Identity Services Engine Software
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
network
low complexity
cisco CWE-78
critical
 9.0
9.0
2011-09-21 CVE-2011-3290 Credentials Management vulnerability in Cisco products
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
network
low complexity
cisco CWE-255
critical
 10.0
10