Vulnerabilities > Cisco > Identity Services Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-0215 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine 2.0(0.234) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 6.3 |
| 2018-03-08 | CVE-2018-0214 | OS Command Injection vulnerability in Cisco Identity Services Engine 2.1(102.103) A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. | 5.3 |
| 2018-03-08 | CVE-2018-0213 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.904) A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. | 8.8 |
| 2018-03-08 | CVE-2018-0212 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-03-08 | CVE-2018-0211 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.474)/2.2(1.145)/2.4(0.247) A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. | 4.4 |
| 2018-01-18 | CVE-2018-0091 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-11-02 | CVE-2017-12261 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. | 7.8 |
| 2017-08-07 | CVE-2017-6747 | Improper Authentication vulnerability in Cisco Identity Services Engine A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. | 9.8 |
| 2017-07-10 | CVE-2017-6734 | Cross-site Scripting vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. | 5.4 |
| 2017-07-10 | CVE-2017-6733 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101)/2.2(0.283)/2.3(0.151) A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |