Vulnerabilities > Cisco > Identity Services Engine

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-20172 Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system.
network
low complexity
cisco CWE-20
4.9
2023-05-18 CVE-2023-20173 XXE vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
4.9
2023-05-18 CVE-2023-20174 XXE vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device.
network
low complexity
cisco CWE-611
4.9
2023-04-05 CVE-2023-20121 OS Command Injection vulnerability in Cisco Identity Services Engine and Prime Infrastructure
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.
local
low complexity
cisco CWE-78
6.7
2023-04-05 CVE-2023-20122 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.
local
low complexity
cisco CWE-78
7.8
2023-04-05 CVE-2023-20153 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2023-04-05 CVE-2023-20152 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2023-04-05 CVE-2023-20022 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2023-04-05 CVE-2023-20023 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
local
low complexity
cisco CWE-78
6.7
2023-04-05 CVE-2023-20030 XXE vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself.
network
low complexity
cisco CWE-611
6.0