Vulnerabilities > Cisco > Identity Services Engine

DATE CVE VULNERABILITY TITLE RISK
2018-10-05 CVE-2018-15425 Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.
network
low complexity
cisco CWE-502
4.7
2018-10-05 CVE-2018-15424 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine 2.2(0.470)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.
network
low complexity
cisco CWE-434
4.7
2018-05-17 CVE-2018-0277 Improper Certificate Validation vulnerability in Cisco Identity Services Engine
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system.
network
low complexity
cisco CWE-295
8.6
2018-04-19 CVE-2018-0275 Unspecified vulnerability in Cisco Identity Services Engine
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell.
local
low complexity
cisco
6.7
2018-03-08 CVE-2018-0221 OS Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session.
local
low complexity
cisco CWE-78
6.7
2018-03-08 CVE-2018-0216 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
5.4
2018-03-08 CVE-2018-0215 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine 2.0(0.234)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
6.3
2018-03-08 CVE-2018-0214 OS Command Injection vulnerability in Cisco Identity Services Engine 2.1(102.103)
A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection.
local
low complexity
cisco CWE-78
5.3
2018-03-08 CVE-2018-0213 Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.904)
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges.
network
low complexity
cisco CWE-20
8.8
2018-03-08 CVE-2018-0212 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1