Identity Services Engine Software Security Vulnerabilities and Issues — Identity Services Engine Software CVE List

Lucene search

CiscoIdentity Services Engine Software

8 matches found

CVE•added 2019/10/16 7:15 p.m.•77 views

CVE-2019-15282

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interf...

5.3CVSS4.9AI score0.01094EPSS

CVE•added 2014/12/22 7:59 p.m.•46 views

CVE-2014-8017

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

5CVSS6.9AI score0.00152EPSS

CVE•added 2013/10/25 3:52 a.m.•45 views

CVE-2013-5521

Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.

5CVSS6.8AI score0.00474EPSS

CVE•added 2013/10/25 3:52 a.m.•41 views

CVE-2013-5531

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

5CVSS6.7AI score0.00248EPSS

CVE•added 2015/06/12 2:59 p.m.•39 views

CVE-2015-4182

The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.

5.5CVSS6.1AI score0.00206EPSS

CVE•added 2015/08/28 3:59 p.m.•39 views

CVE-2015-6266

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

5CVSS6.1AI score0.0023EPSS

CVE•added 2015/05/29 3:59 p.m.•35 views

CVE-2015-0757

The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.

5CVSS6.4AI score0.00261EPSS

CVE•added 2013/10/16 10:52 a.m.•34 views

CVE-2013-5538

The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.

5CVSS6.9AI score0.0019EPSS