Vulnerabilities > Cisco > Identity Services Engine > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-04 | CVE-2022-20961 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |
| 2022-11-04 | CVE-2022-20962 | Path Traversal vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. | 8.8 |
| 2022-10-26 | CVE-2022-20822 | Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. | 8.1 |
| 2022-04-06 | CVE-2022-20756 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. | 7.5 |
| 2021-10-06 | CVE-2021-1594 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. | 8.1 |
| 2020-11-06 | CVE-2020-27122 | Improper Privilege Management vulnerability in Cisco Identity Services Engine A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. | 7.2 |
| 2019-04-17 | CVE-2019-1718 | Resource Management Errors vulnerability in Cisco Identity Services Engine 2.1(0.907) A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. | 7.8 |
| 2018-04-19 | CVE-2018-0275 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. | 7.2 |
| 2018-03-08 | CVE-2018-0221 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. | 7.2 |
| 2017-11-02 | CVE-2017-12261 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. | 7.2 |