827 matches found
Cisco Identity Services Engine (cisco-sa-ise-multi-G5WP8vv)
According to its self-reported version, Cisco ISE is affected by a vulnerability. - A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the...
EUVD-2026-37749
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An attacker could exploit this vulnerability by sending crafted...
CVE-2026-20190
Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...
EUVD-2026-37748
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20147
A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20193
A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...
CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability
A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...
CVE-2026-20195
The CVE concerns Cisco Identity Services Engine (ISE) where an identity management API endpoint exposes error-based responses that let unauthenticated remote attackers enumerate valid usernames. The issue stems from observable error messages when the affected API is invoked, enabling an attacker ...
Cisco Identity Services Engine Remote Code Execution Vulnerability (regreSSHion) (cisco-sa-openssh-rce-2024)
According to its self-reported version, Cisco Identity Services Engine is affected by a vulnerability. - A remote code execution vulnerability exists in Cisco Identity Services Engine due to a signal handler race condition found in sshd, where a client does not authenticate within LoginGraceTime...
EUVD-2026-22958
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting XSS attack or a reflected XSS attack against a user of the web-based...
CVE-2026-20136
CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...
CVE-2026-20148
Cisco Identity Services Engine (ISE) and ISE-PIC are affected by a path traversal vulnerability due to improper input validation. An authenticated attacker with administrative credentials can issue a crafted HTTP request to read arbitrary files on the underlying OS. Exploitation details indicate ...
CVE-2026-20132
Cisco Identity Services Engine (ISE) web-based management interface contains multiple XSS weaknesses due to insufficient input sanitization. Exploitation requires an authenticated user with administrative write privileges; an attacker could trigger stored or reflected XSS by convincing a user to ...
PT-2026-33094
Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with at least Read Only Admin credentials to execute arbitrary commands on the...
VulnCheck KEV: CVE-2026-20029
A vulnerability in the licensing features of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of X...
CVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
CVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
EUVD-2026-2748
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
Cisco Identity Services Engine and Cisco ISE Passive Identity Connector security vulnerabilities
Cisco Identity Services Engine Cisco ISE and Cisco ISE Passive Identity Connector are both products of the American company Cisco. Cisco Identity Services Engine is an Identity Services Engine ISE platform. This platform collects real-time information from networks, users, and devices, and develo...