Lucene search
K

827 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.65 views

Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)

According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the...

9.1CVSS7.4AI score0.00748EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 4:17 p.m.9 views

EUVD-2026-37749

A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...

7.5CVSS5.4AI score0.00407EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 4:17 p.m.81 views

CVE-2026-20190

Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/17 4:16 p.m.15 views

EUVD-2026-37748

A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.1CVSS5.9AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-20147

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.5AI score0.11679EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 5:16 p.m.8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

4.3CVSS0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/06 4:14 p.m.8 views

CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 4:14 p.m.26 views

CVE-2026-20195

The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/24 12:0 a.m.9 views

Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)

According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...

8.1CVSS8.2AI score0.99506EPSS
Exploits68References3
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2026-22958

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 4:11 p.m.65 views

CVE-2026-20136

CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...

6CVSS5.8AI score0.00499EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/15 4:3 p.m.22 views

CVE-2026-20148

Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...

4.9CVSS6AI score0.06919EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/15 4:3 p.m.74 views

CVE-2026-20132

Cisco Identity Services Engine (ISE) web-based management interface contains multiple XSS weaknesses due to insufficient input sanitization. Exploitation requires an authenticated user with administrative write privileges; an attacker could trigger stored or reflected XSS by convincing a user to ...

4.8CVSS5.8AI score0.00173EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.10 views

PT-2026-33094

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on the...

9.9CVSS6.3AI score0.06315EPSS
Exploits0References12
VulnCheck KEV
VulnCheck KEV
added 2026/02/24 12:0 a.m.8 views

VulnCheck KEV: CVE-2026-20029

A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...

4.9CVSS6AI score0.05638EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2026/01/16 5:26 p.m.12 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS6.1AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 5:16 p.m.4 views

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS6AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 5:16 p.m.5 views

CVE-2026-20047

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...

4.8CVSS6AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/15 4:32 p.m.8 views

EUVD-2026-2748

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

4.8CVSS5.5AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.6 views

Cisco Identity Services Engine and Cisco ISE Passive Identity Connector security vulnerabilities

Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of the American company Cisco. Cisco Identity Services Engine is an Identity Services Engine ISE platform. This platform collects real-time information from networks, users, and devices, and develo...

4.8CVSS5.7AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder