Vulnerabilities > Cisco > Identity Services Engine > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-01 CVE-2023-20195 Unrestricted Upload of File with Dangerous Type vulnerability in Cisco Identity Services Engine
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device.
network
low complexity
cisco CWE-434
7.2
2023-09-06 CVE-2023-20243 Improper Handling of Exceptional Conditions vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests.
network
low complexity
cisco CWE-755
8.6
2023-05-18 CVE-2023-20163 OS Command Injection vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
network
low complexity
cisco CWE-78
7.2
2023-05-18 CVE-2023-20164 OS Command Injection vulnerability in Cisco Identity Services Engine
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root.
network
low complexity
cisco CWE-78
7.2
2023-04-05 CVE-2023-20122 OS Command Injection vulnerability in Cisco Identity Services Engine 3.2
Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.
local
low complexity
cisco CWE-78
7.8
2023-01-20 CVE-2022-20964 OS Command Injection vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface.
network
low complexity
cisco CWE-78
8.8
2022-11-04 CVE-2022-20956 Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device.
network
low complexity
cisco
8.8
2022-11-04 CVE-2022-20961 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device.
network
low complexity
cisco CWE-352
8.8
2022-11-04 CVE-2022-20962 Path Traversal vulnerability in Cisco Identity Services Engine 3.1
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation.
network
low complexity
cisco CWE-22
8.8
2022-10-26 CVE-2022-20822 Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device.
network
low complexity
cisco CWE-20
8.1