Vulnerabilities > Cisco > Identity Services Engine > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2022-20964 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. | 8.8 |
| 2022-11-04 | CVE-2022-20956 | Unspecified vulnerability in Cisco Identity Services Engine 3.1/3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. | 8.8 |
| 2022-11-04 | CVE-2022-20961 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. | 8.8 |
| 2022-11-04 | CVE-2022-20962 | Path Traversal vulnerability in Cisco Identity Services Engine 3.1 A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. | 8.8 |
| 2022-10-26 | CVE-2022-20822 | Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. | 8.1 |
| 2022-04-06 | CVE-2022-20756 | Unspecified vulnerability in Cisco Identity Services Engine A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. | 7.5 |
| 2021-10-06 | CVE-2021-1594 | OS Command Injection vulnerability in Cisco Identity Services Engine A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. | 8.1 |
| 2020-10-08 | CVE-2020-3467 | Incorrect Authorization vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. | 7.7 |
| 2019-04-17 | CVE-2019-1718 | Unspecified vulnerability in Cisco Identity Services Engine 2.1(0.907) A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to trigger high CPU usage, resulting in a denial of service (DoS) condition. | 7.5 |
| 2019-01-23 | CVE-2018-15459 | Unspecified vulnerability in Cisco Identity Services Engine 2.3(0.298)/2.5(0.1) A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. | 7.2 |