Command injection

2023-05-1803:15:00

PRIOn knowledge base

www.prio-n.com

cisco

identity services engine

command injection

privilege escalation

operating system

authentication

vulnerabilities

advisory

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.1%

JSON

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
identity_services_enginele2.7
identity_services_engineeq3.0.0
identity_services_engineeq3.0.0 patch1
identity_services_engineeq3.1
identity_services_engineeq3.0.0 patch2
identity_services_engineeq3.0.0 patch3
identity_services_engineeq3.0.0 patch4
identity_services_engineeq3.1 patch1
identity_services_engineeq3.0.0 patch5
identity_services_engineeq3.0.0 patch6

Name	Operator	Version
identity_services_engine	le	2.7
identity_services_engine	eq	3.0.0
identity_services_engine	eq	3.0.0 patch1
identity_services_engine	eq	3.1
identity_services_engine	eq	3.0.0 patch2
identity_services_engine	eq	3.0.0 patch3
identity_services_engine	eq	3.0.0 patch4
identity_services_engine	eq	3.1 patch1
identity_services_engine	eq	3.0.0 patch5
identity_services_engine	eq	3.0.0 patch6