Vulnerabilities > Cisco > Identity Services Engine > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-20172 | Improper Input Validation vulnerability in Cisco Identity Services Engine 3.1/3.2 Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. | 4.9 |
| 2023-05-18 | CVE-2023-20173 | XXE vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. | 4.9 |
| 2023-05-18 | CVE-2023-20174 | XXE vulnerability in Cisco Identity Services Engine Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. | 4.9 |
| 2023-04-05 | CVE-2023-20121 | OS Command Injection vulnerability in Cisco Identity Services Engine and Prime Infrastructure Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. | 6.7 |
| 2023-04-05 | CVE-2023-20153 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20152 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20022 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20023 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |
| 2023-04-05 | CVE-2023-20030 | XXE vulnerability in Cisco Identity Services Engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. | 6.0 |
| 2023-04-05 | CVE-2023-20021 | OS Command Injection vulnerability in Cisco Identity Services Engine 3.2 Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. | 6.7 |