Lucene search
K

886 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.68 views

Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the...

9.1CVSS7.4AI score0.00748EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 4:17 p.m.9 views

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:17 p.m.81 views

CVE-2026-20190

Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 4:16 p.m.15 views

EUVD-2026-37748

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.1CVSS5.9AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20148

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

4.9CVSS5.7AI score0.06919EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.5AI score0.11679EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.92 views

📄 Cisco ISE 2.2 Remote Code Execution

This Metasploit module exploits an unauthorized file upload vulnerability in Cisco ISE. A ZIP file containing a JSP file with a manipulated path path traversal is uploaded. The webshell is then extracted to the webapps folder...

10CVSS7.5AI score0.09805EPSS
Exploits3
NVD
NVD
added 2026/05/06 5:16 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:15 p.m.7 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:14 p.m.8 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 4:14 p.m.26 views

CVE-2026-20195

The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.9 views

Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1CVSS8.2AI score0.99506EPSS
Exploits68References3
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 5:17 p.m.4 views

CVE-2026-20132

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:11 p.m.65 views

CVE-2026-20136

CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...

6CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/15 4:3 p.m.22 views

CVE-2026-20148

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...

4.9CVSS6AI score0.06919EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/15 4:3 p.m.20 views

CVE-2026-20132 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS0.00173EPSS
Exploits0References1
CVE
CVE
added 2026/04/15 4:3 p.m.74 views

CVE-2026-20132

Cisco Identity Services Engine (ISE) web-based management interface contains multiple XSS weaknesses due to insufficient input sanitization. Exploitation requires an authenticated user with administrative write privileges; an attacker could trigger stored or reflected XSS by convincing a user to ...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2026/04/15 4:0 p.m.35 views

Cisco Identity Services Engine Authenticated Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...

6CVSS5.8AI score0.00499EPSS
Exploits0References1
Cisco
Cisco
added 2026/04/15 4:0 p.m.33 views

Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder