Vulnerabilities > Cisco > Identity Services Engine > 3.3.0

DATE CVE VULNERABILITY TITLE RISK
2024-07-17 CVE-2024-20296 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network
low complexity
cisco CWE-434
7.2
2024-04-03 CVE-2024-20368 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
8.8