Vulnerabilities > Cisco > Identity Services Engine

DATE CVE VULNERABILITY TITLE RISK
2018-03-08 CVE-2018-0211 Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.474)/2.2(1.145)/2.4(0.247)
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition.
local
low complexity
cisco CWE-20
4.4
2018-01-18 CVE-2018-0091 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
2017-11-02 CVE-2017-12261 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges.
local
low complexity
cisco CWE-863
7.8
2017-08-07 CVE-2017-6747 Improper Authentication vulnerability in Cisco Identity Services Engine
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication.
network
low complexity
cisco CWE-287
critical
9.8
2017-07-10 CVE-2017-6734 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal.
network
low complexity
cisco CWE-79
5.4
2017-07-10 CVE-2017-6733 Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101)/2.2(0.283)/2.3(0.151)
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
2017-07-04 CVE-2017-6701 Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101)
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
2017-07-04 CVE-2017-6605 Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(0.800)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2017-05-22 CVE-2017-6653 Allocation of Resources Without Limits or Throttling vulnerability in Cisco Identity Services Engine 2.1(0.474)
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests.
network
low complexity
cisco CWE-770
7.5
2016-12-14 CVE-2016-9198 Resource Management Errors vulnerability in Cisco Identity Services Engine 1.2(1.199)
A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack.
network
low complexity
cisco CWE-399
7.5