Identity Services Engine Security Vulnerabilities and Issues — Identity Services Engine CVE List

Lucene search

CiscoIdentity Services Engine

7 matches found

CVE•added 2018/03/08 7:29 a.m.•50 views

CVE-2018-0213

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to ...

8.8CVSS8.7AI score0.00969EPSS

CVE•added 2018/03/08 7:29 a.m.•48 views

CVE-2018-0221

A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials fo...

7.2CVSS6.8AI score0.00356EPSS

CVE•added 2018/03/08 7:29 a.m.•47 views

CVE-2018-0216

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF prot...

5.8CVSS5.8AI score0.00105EPSS

CVE•added 2018/03/08 7:29 a.m.•46 views

CVE-2018-0214

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this ...

5.3CVSS6AI score0.00272EPSS

CVE•added 2018/03/08 7:29 a.m.•44 views

CVE-2018-0211

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI u...

4.9CVSS5AI score0.00092EPSS

CVE•added 2018/03/08 7:29 a.m.•44 views

CVE-2018-0215

6.8CVSS6.6AI score0.00146EPSS

CVE•added 2018/03/08 7:29 a.m.•35 views

CVE-2018-0212

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insuff...

6.1CVSS5.9AI score0.00332EPSS