Cisco Identity Services Engine Privilege Escalation CVE-2023-20193 (cisco-sa-ise-priv-esc-KJLp2Aw)

According to its self-reported version, Cisco Identity Services Engine is affected by a privilege escalation vulnerability that allows an authenticated, Administrator-level attacker to read, write and delete arbitrary files and elevate their privileges to root due to improper privilege management...

CVE-2022-20937

The CVE-2022-20937 issue affects Cisco Identity Services Engine (ISE) Software and describes a resource-management DoS vulnerability: unauthenticated, remote actors can reduce device performance by sending specific RADIUS traffic, causing delays in RADIUS authentications. Public details in connec...

Cross site scripting

A vulnerability in the External RESTful Services ERS API of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient input...

CVE-2022-20914

CVE-2022-20914 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The root cause is excessive verbosity in a REST API output, enabling an authenticated attacker (with ERS admin credentials) to retrieve sensitive information, including admin credentials for a...

CVE-2021-34759

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the...

CVE-2020-3149 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to perform a stored cross-site scripting XSS attack on an affected device. The vulnerability is due to insufficient input validation by the web-based...

CVE-2019-15282

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The attacker must have...

Cisco Identity Services Engine Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability exists...

CVE-2019-12644

The CVE-2019-12644 entry concerns Cisco Identity Services Engine (ISE) with a web-based management interface XSS vulnerability. The issue arises from the interface’s failure to properly validate user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a craft...

CVE-2019-1719

CVE-2019-1719 concerns a cross-site scripting vulnerability in the Cisco Identity Services Engine (ISE) web-based guest portal. The issue arises from insufficient validation of user-supplied input in the web interface, allowing an authenticated, remote attacker to lure a user into clicking a craf...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected device, related to the Guest Portal. More Information:...

CVE-2012-5744

The CVE-2012-5744 issue concerns multiple XSS vulnerabilities in the Cisco Identity Services Engine (ISE) guest portal. Connected sources specify that the flaw stems from improper input validation in the guest portal, enabling an unauthenticated or remote attacker to lure a user to a link and cau...