19 matches found
EUVD-2023-24373
Malicious code in bioql PyPI...
Cisco Identity Services Engine Privilege Escalation (cisco-sa-ise-priv-esc-KJLp2Aw)
According to its self-reported version, Cisco Identity Services Engine is affected by a privilege escalation vulnerability that allows an authenticated, Administrator-level attacker to read arbitrary files due to a flaw in the ERS API. This can be exploited by sending a crafted request. Please se...
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
Input validation
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
CVE-2023-20194
Cisco ISE ERS API vulnerability (CVE-2023-20194) allows an authenticated Administrator to read arbitrary OS files due to improper privilege management in the ERS API. Exploitation requires valid admin privileges and a crafted ERS API request; impact is information disclosure and potential privile...
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
CVE-2022-20959
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input...
CVE-2022-20959
CVE-2022-20959 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The issue arises from insufficient input validation, allowing an authenticated, remote attacker to trick an administrator into clicking a malicious link, leading to cross-site scripting (XSS) ...
Cisco Identity Services Engine XSS (cisco-sa-ise-xss-twLnpy3M)
According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation in the External RESTful Services (ERS) API. An attacker could exploit this vulnerability by persuading an authenticated administrator o...
CVE-2022-20914 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
CVE-2022-20914
CVE-2022-20914 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The root cause is excessive verbosity in a REST API output, enabling an authenticated attacker (with ERS admin credentials) to retrieve sensitive information, including admin credentials for a...
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this...
Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...
CVE-2019-1851
CVE-2019-1851 concerns Cisco Identity Services Engine (ISE) where the External RESTful Services (ERS) API contains an RBAC flaw that lets an authenticated attacker craft requests with admin credentials to generate arbitrary certificates signed by the Internal CA. The root cause is improper RBAC i...
CVE-2019-1851 Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...
CVE-2019-1851 Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...
Cisco Identity Services Engine Arbitrary Client Certificate Creation Vulnerability
A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generate arbitrary certificates signed by the Internal Certificate Authority (CA) Services on ISE. This vulnerability is due to an incorrect...