Vulnerabilities > Cisco > Identity Services Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-20174 | XXE vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. | 4.9 |
| 2023-04-05 | CVE-2023-20121 | OS Command Injection vulnerability in Cisco Identity Services Engine and Prime Infrastructure Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. | 6.7 |
| 2023-04-05 | CVE-2023-20122 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. | 7.8 |
| 2023-04-05 | CVE-2023-20153 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20152 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20022 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20023 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20030 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. | 6.0 |
| 2023-04-05 | CVE-2023-20021 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-03-01 | CVE-2023-20085 | Cross-site Scripting vulnerability in Cisco Identity Services Engine 3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. | 6.1 |