176 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2023-20194
Cisco ISE ERS API vulnerability (CVE-2023-20194) allows an authenticated Administrator to read arbitrary OS files due to improper privilege management in the ERS API. Exploitation requires valid admin privileges and a crafted ERS API request; impact is information disclosure and potential privile...
CVE-2022-20914
CVE-2022-20914 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The root cause is excessive verbosity in a REST API output, enabling an authenticated attacker (with ERS admin credentials) to retrieve sensitive information, including admin credentials for a...
CVE-2022-20964
Cisco Identity Services Engine (ISE) web-based management interface vulnerability CVE-2022-20964 allows an authenticated, remote attacker to inject arbitrary OS commands due to improper input validation. Exploitation would run commands with the web services user’s privileges. The primary CVE reco...
CVE-2022-20965
CVE-2022-20965 concerns Cisco Identity Services Engine (ISE). The issue is improper access control in the web-based management interface, allowing an authenticated, remote attacker to perform privileged actions by sending direct requests that bypass internal checks. Affected product is Cisco ISE;...
CVE-2022-20967
CVE-2022-20967 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is stored cross-site scripting caused by improper validation of input before storage, enabling an authenticated, remote attacker to inject malicious HTML/script that can be used in subsequent XSS...
CVE-2022-20966
Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS flaw due to improper input validation before storage. An authenticated, remote attacker could inject malicious HTML/script via entries created in the interface, enabling XSS against other users. Affect...
CVE-2025-20337
CVE-2025-20337 affects Cisco Identity Services Engine (ISE) and ISE-PIC via an API injection vulnerability. An unauthenticated, remote attacker can submit a crafted API request to exploit insufficient input validation and achieve arbitrary code execution as root on the underlying OS. Reported imp...
CVE-2025-20124
Cisco Identity Services Engine (ISE) exposes a vulnerability via insecure Java deserialization in its API. An authenticated attacker with valid read-only credentials can send a crafted serialized Java object to the affected API to execute arbitrary commands on the device with root privileges, pot...
CVE-2025-20281
CVE-2025-20281 affects Cisco Identity Services Engine (ISE) and ISE-PIC via an exposed API where insufficient input validation enables unauthenticated remote code execution as root. The flaw is described as an input-validation vulnerability in a specific API endpoint, allowing an attacker to craf...
CVE-2022-20756
A vulnerability (CVE-2022-20756) affects Cisco Identity Services Engine (ISE) RADIUS service. An unauthenticated, remote attacker can send crafted RADIUS requests to cause ISE to stop processing RADIUS packets, leading to authentication/authorization timeouts and denied legitimate requests. Root ...
CVE-2025-20125
Cisco ISE (Identity Services Engine) vulnerability CVE-2025-20125 affects the API layer and is tied to multiple issues including insecure Java deserialization and inadequate authorization. An attacker with valid read-only credentials can remotely access the device to obtain sensitive information,...
CVE-2019-12644
The CVE-2019-12644 entry concerns Cisco Identity Services Engine (ISE) with a web-based management interface XSS vulnerability. The issue arises from the interface’s failure to properly validate user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a craft...
CVE-2022-20782
CVE-2022-20782 describes an information-disclosure vulnerability in Cisco Identity Services Engine (ISE) web-based management interface. The issue stems from improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges ...
CVE-2023-20021
CVE-2023-20021 concerns multiple privilege-escalation vulnerabilities in Cisco Identity Services Engine (ISE) related to CLI command handling. The issues arise from insufficient validation of user-supplied CLI input, enabling an authenticated local attacker with Administrator privileges to perfor...
CVE-2026-20147
Cisco CVE-2026-20147 affects Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated, remote attacker with valid administrative credentials can exploit insufficient input validation via a crafted HTTP request to execute arbitrary commands on the device’s underlying OS, potentially gain...
CVE-2023-20085
Cisco Identity Services Engine (ISE) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could inject malicious scripts on management pages, potentially executing in the user’s browser context or acce...
CVE-2025-20286
CVE-2025-20286 concerns Cisco Identity Services Engine (ISE) deployed on cloud platforms (AWS, Azure, OCI). The root cause is improper credential generation that causes different ISE deployments using the same credentials when the software release and cloud platform are identical. An unauthentica...
CVE-2019-15255
Cisco Identity Services Engine (ISE) web-based management interface suffers an authorization bypass due to insufficient URL input sanitization. Authenticated, remote attacker could craft a URL to bypass authentication and access sensitive device information. Affected product is Cisco ISE (notably...
CVE-2026-20181
Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...
CVE-2023-20243
CVE-2023-20243 describes a denial-of-service in Cisco Identity Services Engine (ISE) due to improper handling of certain RADIUS accounting requests. An unauthenticated, remote attacker can trigger the RADIUS process to restart, causing authentication/authorization timeouts and denying service for...
CVE-2020-3589
CVE-2020-3589 is a cross-site scripting (XSS) vulnerability affecting Cisco Identity Services Engine (ISE) Web-based management interface. The issue arises from improper validation of user-supplied input, enabling an authenticated, remote attacker with administrative credentials to inject malicio...
CVE-2022-20822
Cisco Identity Services Engine (ISE) is affected via its web-based management interface. The root cause is insufficient validation of user-supplied input, enabling authenticated, remote attackers to read and delete files by sending crafted HTTP requests with path-sequence characters. Reported imp...
CVE-2025-20282
CVE-2025-20282 affects Cisco ISE and ISE-PIC. An unauthenticated attacker can exploit an internal API to upload arbitrary files via the vulnerable endpoint /api/v1/config/upload , bypassing validation and enabling the execution of those files on the host with root privileges. The issue arises fro...
CVE-2022-20956
Cisco Identity Services Engine (ISE) exposes a vulnerability in its web-based management interface where improper access control could allow an authenticated remote attacker to bypass authorization and access system files. The issue arises from insufficient access controls in the web UI, enabling...
CVE-2024-20251
Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS due to improper input validation. An authenticated, remote attacker could inject malicious script on interface pages, potentially executing code in the user’s browser or accessing browser-based data. M...
CVE-2024-20531
Cisco Identity Services Engine (ISE) API is affected by an XXE-based vulnerability in XML input handling, allowing an authenticated remote attacker with Super Admin credentials to read arbitrary OS files and perform SSRF. Root cause: improper XML External Entity processing in the API. Exploitatio...
CVE-2024-20417
Cisco CVE-2024-20417 affects the REST API of Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied input in REST API calls, allowing an authenticated, remote attacker to perform blind SQL injection and view or modify data on the affected device. Affec...
CVE-2022-20959
CVE-2022-20959 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The issue arises from insufficient input validation, allowing an authenticated, remote attacker to trick an administrator into clicking a malicious link, leading to cross-site scripting (XSS) ...
CVE-2023-20030
Cisco Identity Services Engine (ISE) exposes a XXE-based vulnerability in its web-based management interface. The issue arises from improper handling of XML External Entity entries when parsing certain XML files, enabling an authenticated, remote attacker (requiring Super Admin or Policy Admin cr...
CVE-2023-20175
CVE-2023-20175 applies to Cisco Identity Services Engine (ISE). Affected: ISE CLI command allows an authenticated, local attacker with at least Read-only privileges to submit crafted CLI input, triggering command injection and potential root privilege escalation on the underlying OS. Root cause: ...
CVE-2021-1306
CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...
CVE-2022-20733
Cisco Identity Services Engine (ISE) is affected by CVE-2022-20733, a vulnerability in the login page caused by exposed SAML metadata that can allow an unauthenticated remote attacker to bypass authentication and gain unrestricted access to all roles. The issue is tied to a SAML metadata exposure...
CVE-2023-20167
Cisco Identity Services Engine (ISE) contains path traversal vulnerabilities that could let an authenticated Administrator read arbitrary files on the underlying OS or escalate to root. The issue affects ISE’s web management interface and is caused by improper validation of user-supplied input, r...
CVE-2020-27122
CVE-2020-27122 concerns Cisco Identity Services Engine (ISE) privilege escalation via the Microsoft Active Directory integration. Affected functionality allows an authenticated local attacker with a valid administrator account to exploit incorrect privilege assignment to obtain root privileges on...
CVE-2021-1594
CVE-2021-1594 affects Cisco Identity Services Engine (ISE). The REST API is vulnerable to a command injection due to insufficient input validation on specific endpoints. An unauthenticated, remote attacker could leverage this by positioning themselves in a Man-in-the-Middle role to intercept and ...
CVE-2026-20190
Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...
CVE-2022-20937
The CVE-2022-20937 issue affects Cisco Identity Services Engine (ISE) Software and describes a resource-management DoS vulnerability: unauthenticated, remote actors can reduce device performance by sending specific RADIUS traffic, causing delays in RADIUS authentications. Public details in connec...
CVE-2023-20121
CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...
CVE-2024-20296
CVE-2024-20296 affects Cisco Identity Services Engine (ISE) via the web-based management interface. An authenticated attacker with Policy Admin credentials can upload arbitrary files, due to improper validation during upload. This could enable storing malicious files, executing OS commands, and e...
CVE-2024-20528
CVE-2024-20528 is an authenticated API path traversal vulnerability in Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied parameters in API requests, enabling a remote attacker with valid Super Admin credentials to upload files to arbitrary locatio...
CVE-2025-20152
CVE-2025-20152 is a Cisco ISE vulnerability in the RADIUS message processing path. An unauthenticated, remote attacker can trigger a DoS by sending crafted RADIUS requests, potentially causing Cisco ISE to reload. The issue is tied to improper handling of certain RADIUS messages. Affected product...
CVE-2024-20527
CVE-2024-20527 affects Cisco Identity Services Engine (ISE). The vulnerability is in the ISE API where insufficient validation of user-supplied parameters in API requests could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files on the device’s un...
CVE-2024-20532
Cisco ISE exposes an API vulnerability that allows an authenticated, remote attacker with Super Admin credentials to read and delete arbitrary files on the device due to insufficient parameter validation. The issue affects the ISE API layer and stems from weak input validation in API requests, en...
CVE-2019-12637
Cisco Identity Services Engine (ISE) web-based management interface is affected by multiple stored XSS vulnerabilities due to insufficient validation of user input. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the user’s...
CVE-2023-20022
CVE-2023-20022 relates to multiple privilege-escalation vulnerabilities in Cisco Identity Services Engine (ISE) related to command injection via abused CLI commands. The issues arise from insufficient validation of user-supplied input and require an authenticated, local attacker with Administrato...
CVE-2023-20023
Cisco Identity Services Engine (ISE) CLI command vulnerability: multiple input validation issues allow an authenticated local attacker with Administrator privileges to inject commands and potentially gain root privileges. Affected product: ISE; root cause: insufficient validation of user-supplied...
CVE-2022-20961
CVE-2022-20961 refers to a CSRF vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE). The issue arises from insufficient CSRF protections, allowing an unauthenticated, remote attacker to trick a logged-in user into performing arbitrary actions on the affecte...
CVE-2023-20213
CVE-2023-20213 merupakan DoS pada Cisco ISE melalui fitur pemrosesan CDP. Outputnya adalah crash pada proses CDP akibat bounds checking yang tidak memadai saat memproses lalu lintas CDP, memungkinkan penyerang adjacent tanpa autentikasi untuk memicu gangguan layanan. Dampaknya adalah terganggunya...
CVE-2024-20529
Cisco Identity Services Engine (ISE) API vulnerability could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files due to insufficient validation of user-supplied API parameters. PT-2024-18676 notes affected software prior to 3.3.0 and recommends up...