Lucene search
+L
CiscoIdentity Services Engine

176 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6941 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2023/09/07 7:31 p.m.2522 views

CVE-2023-20194

Cisco ISE ERS API vulnerability (CVE-2023-20194) allows an authenticated Administrator to read arbitrary OS files due to improper privilege management in the ERS API. Exploitation requires valid admin privileges and a crafted ERS API request; impact is information disclosure and potential privile...

4.9CVSS5AI score0.00535EPSS
CVE
CVE
added 2022/08/10 8:11 a.m.771 views

CVE-2022-20914

CVE-2022-20914 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The root cause is excessive verbosity in a REST API output, enabling an authenticated attacker (with ERS admin credentials) to retrieve sensitive information, including admin credentials for a...

4.9CVSS5.2AI score0.00831EPSS
CVE
CVE
added 2023/01/18 5:47 p.m.555 views

CVE-2022-20964

Cisco Identity Services Engine (ISE) web-based management interface vulnerability CVE-2022-20964 allows an authenticated, remote attacker to inject arbitrary OS commands due to improper input validation. Exploitation would run commands with the web services user’s privileges. The primary CVE reco...

8.8CVSS8.8AI score0.30649EPSS
CVE
CVE
added 2023/01/18 5:44 p.m.502 views

CVE-2022-20965

CVE-2022-20965 concerns Cisco Identity Services Engine (ISE). The issue is improper access control in the web-based management interface, allowing an authenticated, remote attacker to perform privileged actions by sending direct requests that bypass internal checks. Affected product is Cisco ISE;...

5.4CVSS5.4AI score0.00607EPSS
CVE
CVE
added 2023/01/18 5:48 p.m.500 views

CVE-2022-20967

CVE-2022-20967 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is stored cross-site scripting caused by improper validation of input before storage, enabling an authenticated, remote attacker to inject malicious HTML/script that can be used in subsequent XSS...

5.4CVSS5.3AI score0.00541EPSS
CVE
CVE
added 2023/01/18 5:46 p.m.493 views

CVE-2022-20966

Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS flaw due to improper input validation before storage. An authenticated, remote attacker could inject malicious HTML/script via entries created in the interface, enabling XSS against other users. Affect...

5.4CVSS5.3AI score0.276EPSS
CVE
CVE
added 2025/07/16 4:17 p.m.306 views

CVE-2025-20337

CVE-2025-20337 affects Cisco Identity Services Engine (ISE) and ISE-PIC via an API injection vulnerability. An unauthenticated, remote attacker can submit a crafted API request to exploit insufficient input validation and achieve arbitrary code execution as root on the underlying OS. Reported imp...

10CVSS7.5AI score0.65098EPSS
In wild
CVE
CVE
added 2025/02/05 4:12 p.m.261 views

CVE-2025-20124

Cisco Identity Services Engine (ISE) exposes a vulnerability via insecure Java deserialization in its API. An authenticated attacker with valid read-only credentials can send a crafted serialized Java object to the affected API to execute arbitrary commands on the device with root privileges, pot...

9.9CVSS9.7AI score0.18476EPSS
Web
CVE
CVE
added 2025/06/25 4:11 p.m.186 views

CVE-2025-20281

CVE-2025-20281 affects Cisco Identity Services Engine (ISE) and ISE-PIC via an exposed API where insufficient input validation enables unauthenticated remote code execution as root. The flaw is described as an input-validation vulnerability in a specific API endpoint, allowing an attacker to craf...

10CVSS8.1AI score0.96732EPSS
In wild
CVE
CVE
added 2022/04/06 6:13 p.m.168 views

CVE-2022-20756

A vulnerability (CVE-2022-20756) affects Cisco Identity Services Engine (ISE) RADIUS service. An unauthenticated, remote attacker can send crafted RADIUS requests to cause ISE to stop processing RADIUS packets, leading to authentication/authorization timeouts and denied legitimate requests. Root ...

8.6CVSS7.8AI score0.01433EPSS
CVE
CVE
added 2025/02/05 4:12 p.m.167 views

CVE-2025-20125

Cisco ISE (Identity Services Engine) vulnerability CVE-2025-20125 affects the API layer and is tied to multiple issues including insecure Java deserialization and inadequate authorization. An attacker with valid read-only credentials can remotely access the device to obtain sensitive information,...

9.1CVSS6.7AI score0.16743EPSS
CVE
CVE
added 2019/09/05 1:20 a.m.165 views

CVE-2019-12644

The CVE-2019-12644 entry concerns Cisco Identity Services Engine (ISE) with a web-based management interface XSS vulnerability. The issue arises from the interface’s failure to properly validate user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a craft...

6.1CVSS5.9AI score0.01109EPSS
CVE
CVE
added 2022/04/06 6:11 p.m.149 views

CVE-2022-20782

CVE-2022-20782 describes an information-disclosure vulnerability in Cisco Identity Services Engine (ISE) web-based management interface. The issue stems from improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges ...

6.5CVSS6.3AI score0.0097EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.137 views

CVE-2023-20021

CVE-2023-20021 concerns multiple privilege-escalation vulnerabilities in Cisco Identity Services Engine (ISE) related to CLI command handling. The issues arise from insufficient validation of user-supplied CLI input, enabling an authenticated local attacker with Administrator privileges to perfor...

6.7CVSS6.6AI score0.00465EPSS
CVE
CVE
added 2026/04/15 4:3 p.m.131 views

CVE-2026-20147

Cisco CVE-2026-20147 affects Cisco Identity Services Engine (ISE) and ISE-PIC. An authenticated, remote attacker with valid administrative credentials can exploit insufficient input validation via a crafted HTTP request to execute arbitrary commands on the device’s underlying OS, potentially gain...

9.9CVSS6.2AI score0.11679EPSS
CVE
CVE
added 2023/02/16 3:28 p.m.129 views

CVE-2023-20085

Cisco Identity Services Engine (ISE) web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could inject malicious scripts on management pages, potentially executing in the user’s browser context or acce...

6.1CVSS5.9AI score0.00737EPSS
In wild
CVE
CVE
added 2025/06/04 4:18 p.m.129 views

CVE-2025-20286

CVE-2025-20286 concerns Cisco Identity Services Engine (ISE) deployed on cloud platforms (AWS, Azure, OCI). The root cause is improper credential generation that causes different ISE deployments using the same credentials when the software release and cloud platform are identical. An unauthentica...

9.9CVSS9.4AI score0.01083EPSS
CVE
CVE
added 2020/01/26 4:45 a.m.127 views

CVE-2019-15255

Cisco Identity Services Engine (ISE) web-based management interface suffers an authorization bypass due to insufficient URL input sanitization. Authenticated, remote attacker could craft a URL to bypass authentication and access sensitive device information. Affected product is Cisco ISE (notably...

6.5CVSS6.5AI score0.0111EPSS
CVE
CVE
added 2026/06/17 4:16 p.m.125 views

CVE-2026-20181

Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...

9.1CVSS5.9AI score0.00748EPSS
CVE
CVE
added 2020/10/08 4:20 a.m.123 views

CVE-2020-3589

CVE-2020-3589 is a cross-site scripting (XSS) vulnerability affecting Cisco Identity Services Engine (ISE) Web-based management interface. The issue arises from improper validation of user-supplied input, enabling an authenticated, remote attacker with administrative credentials to inject malicio...

4.8CVSS4.9AI score0.00617EPSS
CVE
CVE
added 2023/09/06 5:1 p.m.123 views

CVE-2023-20243

CVE-2023-20243 describes a denial-of-service in Cisco Identity Services Engine (ISE) due to improper handling of certain RADIUS accounting requests. An unauthenticated, remote attacker can trigger the RADIUS process to restart, causing authentication/authorization timeouts and denying service for...

8.6CVSS7.8AI score0.00758EPSS
CVE
CVE
added 2022/10/26 2:0 p.m.112 views

CVE-2022-20822

Cisco Identity Services Engine (ISE) is affected via its web-based management interface. The root cause is insufficient validation of user-supplied input, enabling authenticated, remote attackers to read and delete files by sending crafted HTTP requests with path-sequence characters. Reported imp...

8.1CVSS7.3AI score0.0124EPSS
CVE
CVE
added 2025/06/25 4:29 p.m.111 views

CVE-2025-20282

CVE-2025-20282 affects Cisco ISE and ISE-PIC. An unauthenticated attacker can exploit an internal API to upload arbitrary files via the vulnerable endpoint /api/v1/config/upload , bypassing validation and enabling the execution of those files on the host with root privileges. The issue arises fro...

10CVSS8.2AI score0.09805EPSS
In wildWeb
CVE
CVE
added 2022/11/03 7:28 p.m.110 views

CVE-2022-20956

Cisco Identity Services Engine (ISE) exposes a vulnerability in its web-based management interface where improper access control could allow an authenticated remote attacker to bypass authorization and access system files. The issue arises from insufficient access controls in the web UI, enabling...

8.8CVSS8.5AI score0.01322EPSS
CVE
CVE
added 2024/01/17 4:55 p.m.105 views

CVE-2024-20251

Cisco Identity Services Engine (ISE) web-based management interface is affected by a stored XSS due to improper input validation. An authenticated, remote attacker could inject malicious script on interface pages, potentially executing code in the user’s browser or accessing browser-based data. M...

5.4CVSS5AI score0.00355EPSS
CVE
CVE
added 2024/11/06 4:31 p.m.100 views

CVE-2024-20531

Cisco Identity Services Engine (ISE) API is affected by an XXE-based vulnerability in XML input handling, allowing an authenticated remote attacker with Super Admin credentials to read arbitrary OS files and perform SSRF. Root cause: improper XML External Entity processing in the API. Exploitatio...

6.5CVSS5.7AI score0.00361EPSS
CVE
CVE
added 2024/08/21 7:16 p.m.97 views

CVE-2024-20417

Cisco CVE-2024-20417 affects the REST API of Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied input in REST API calls, allowing an authenticated, remote attacker to perform blind SQL injection and view or modify data on the affected device. Affec...

8.1CVSS7AI score0.00498EPSS
CVE
CVE
added 2022/10/26 2:1 p.m.95 views

CVE-2022-20959

CVE-2022-20959 affects Cisco Identity Services Engine (ISE) via the External RESTful Services (ERS) API. The issue arises from insufficient input validation, allowing an authenticated, remote attacker to trick an administrator into clicking a malicious link, leading to cross-site scripting (XSS) ...

6.1CVSS5.9AI score0.00781EPSS
CVE
CVE
added 2023/11/01 5:13 p.m.95 views

CVE-2023-20175

CVE-2023-20175 applies to Cisco Identity Services Engine (ISE). Affected: ISE CLI command allows an authenticated, local attacker with at least Read-only privileges to submit crafted CLI input, triggering command injection and potential root privilege escalation on the underlying OS. Root cause: ...

8.8CVSS8.5AI score0.00496EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.94 views

CVE-2021-1306

CVE-2021-1306 is a local file inclusion vulnerability in the restricted shell of Cisco EPN Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure. An authenticated shell user can exploit improper validation of CLI parameters to identify directories and write arbitrary files...

4.4CVSS4.4AI score0.00212EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.94 views

CVE-2023-20030

Cisco Identity Services Engine (ISE) exposes a XXE-based vulnerability in its web-based management interface. The issue arises from improper handling of XML External Entity entries when parsing certain XML files, enabling an authenticated, remote attacker (requiring Super Admin or Policy Admin cr...

6CVSS6AI score0.0075EPSS
CVE
CVE
added 2022/06/15 5:55 p.m.93 views

CVE-2022-20733

Cisco Identity Services Engine (ISE) is affected by CVE-2022-20733, a vulnerability in the login page caused by exposed SAML metadata that can allow an unauthenticated remote attacker to bypass authentication and gain unrestricted access to all roles. The issue is tied to a SAML metadata exposure...

9.8CVSS7.4AI score0.01045EPSS
CVE
CVE
added 2023/05/18 12:0 a.m.92 views

CVE-2023-20167

Cisco Identity Services Engine (ISE) contains path traversal vulnerabilities that could let an authenticated Administrator read arbitrary files on the underlying OS or escalate to root. The issue affects ISE’s web management interface and is caused by improper validation of user-supplied input, r...

6CVSS5.3AI score0.00494EPSS
CVE
CVE
added 2020/11/06 6:15 p.m.91 views

CVE-2020-27122

CVE-2020-27122 concerns Cisco Identity Services Engine (ISE) privilege escalation via the Microsoft Active Directory integration. Affected functionality allows an authenticated local attacker with a valid administrator account to exploit incorrect privilege assignment to obtain root privileges on...

7.2CVSS5.2AI score0.00302EPSS
CVE
CVE
added 2021/10/06 7:46 p.m.90 views

CVE-2021-1594

CVE-2021-1594 affects Cisco Identity Services Engine (ISE). The REST API is vulnerable to a command injection due to insufficient input validation on specific endpoints. An unauthenticated, remote attacker could leverage this by positioning themselves in a Man-in-the-Middle role to intercept and ...

9.3CVSS8.2AI score0.01398EPSS
CVE
CVE
added 2026/06/17 4:17 p.m.90 views

CVE-2026-20190

Cisco ISE and ISE-PIC are affected by CVE-2026-20190. The issue arises from improper authorization checks when accessing a resource, allowing an unauthenticated, remote attacker to view sensitive information on an affected device. Reported impact includes access to hashed credentials that could b...

7.5CVSS5.5AI score0.00407EPSS
CVE
CVE
added 2022/11/03 7:31 p.m.88 views

CVE-2022-20937

The CVE-2022-20937 issue affects Cisco Identity Services Engine (ISE) Software and describes a resource-management DoS vulnerability: unauthenticated, remote actors can reduce device performance by sending specific RADIUS traffic, causing delays in RADIUS authentications. Public details in connec...

5.3CVSS5.3AI score0.00822EPSS
CVE
CVE
added 2024/07/17 4:28 p.m.88 views

CVE-2024-20296

CVE-2024-20296 affects Cisco Identity Services Engine (ISE) via the web-based management interface. An authenticated attacker with Policy Admin credentials can upload arbitrary files, due to improper validation during upload. This could enable storing malicious files, executing OS commands, and e...

7.2CVSS7.7AI score0.00471EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.87 views

CVE-2023-20121

CVE-2023-20121 covers multiple vulnerabilities in the restricted shell of Cisco EPNM, Cisco ISE, and Cisco Prime Infrastructure. The issue arises from improper validation of parameters in a CLI command within the restricted shell, enabling an authenticated, local attacker to escape the restricted...

6.7CVSS6.5AI score0.00201EPSS
CVE
CVE
added 2024/11/06 4:30 p.m.86 views

CVE-2024-20528

CVE-2024-20528 is an authenticated API path traversal vulnerability in Cisco Identity Services Engine (ISE). The issue stems from insufficient validation of user-supplied parameters in API requests, enabling a remote attacker with valid Super Admin credentials to upload files to arbitrary locatio...

7.2CVSS4.7AI score0.00601EPSS
CVE
CVE
added 2025/05/21 4:19 p.m.86 views

CVE-2025-20152

CVE-2025-20152 is a Cisco ISE vulnerability in the RADIUS message processing path. An unauthenticated, remote attacker can trigger a DoS by sending crafted RADIUS requests, potentially causing Cisco ISE to reload. The issue is tied to improper handling of certain RADIUS messages. Affected product...

8.6CVSS8.6AI score0.00667EPSS
CVE
CVE
added 2024/11/06 4:30 p.m.84 views

CVE-2024-20527

CVE-2024-20527 affects Cisco Identity Services Engine (ISE). The vulnerability is in the ISE API where insufficient validation of user-supplied parameters in API requests could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files on the device’s un...

5.5CVSS5.4AI score0.00526EPSS
CVE
CVE
added 2024/11/06 4:31 p.m.84 views

CVE-2024-20532

Cisco ISE exposes an API vulnerability that allows an authenticated, remote attacker with Super Admin credentials to read and delete arbitrary files on the device due to insufficient parameter validation. The issue affects the ISE API layer and stems from weak input validation in API requests, en...

5.5CVSS5.4AI score0.00545EPSS
CVE
CVE
added 2019/10/16 6:36 p.m.83 views

CVE-2019-12637

Cisco Identity Services Engine (ISE) web-based management interface is affected by multiple stored XSS vulnerabilities due to insufficient validation of user input. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the user’s...

5.4CVSS5.3AI score0.00633EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.83 views

CVE-2023-20023

Cisco Identity Services Engine (ISE) CLI command vulnerability: multiple input validation issues allow an authenticated local attacker with Administrator privileges to inject commands and potentially gain root privileges. Affected product: ISE; root cause: insufficient validation of user-supplied...

6.7CVSS6.6AI score0.00465EPSS
CVE
CVE
added 2022/11/03 6:45 p.m.82 views

CVE-2022-20961

CVE-2022-20961 refers to a CSRF vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE). The issue arises from insufficient CSRF protections, allowing an unauthenticated, remote attacker to trick a logged-in user into performing arbitrary actions on the affecte...

8.8CVSS8.8AI score0.00408EPSS
CVE
CVE
added 2023/04/05 12:0 a.m.82 views

CVE-2023-20022

CVE-2023-20022 relates to multiple privilege-escalation vulnerabilities in Cisco Identity Services Engine (ISE) related to command injection via abused CLI commands. The issues arise from insufficient validation of user-supplied input and require an authenticated, local attacker with Administrato...

6.7CVSS6.6AI score0.00465EPSS
CVE
CVE
added 2023/11/01 4:58 p.m.82 views

CVE-2023-20213

CVE-2023-20213 merupakan DoS pada Cisco ISE melalui fitur pemrosesan CDP. Outputnya adalah crash pada proses CDP akibat bounds checking yang tidak memadai saat memproses lalu lintas CDP, memungkinkan penyerang adjacent tanpa autentikasi untuk memicu gangguan layanan. Dampaknya adalah terganggunya...

4.3CVSS4.9AI score0.00302EPSS
CVE
CVE
added 2024/11/06 4:30 p.m.81 views

CVE-2024-20529

Cisco Identity Services Engine (ISE) API vulnerability could allow an authenticated remote attacker with Super Admin credentials to read or delete arbitrary files due to insufficient validation of user-supplied API parameters. PT-2024-18676 notes affected software prior to 3.3.0 and recommends up...

5.5CVSS5.4AI score0.00526EPSS
Total number of security vulnerabilities176