Filtered by vendor Cisco Subscriptions
Filtered by product Identity Services Engine Software Subscriptions
Total 51 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-15281 1 Cisco 1 Identity Services Engine Software 2024-11-21 4.8 Medium
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
CVE-2019-15282 1 Cisco 1 Identity Services Engine Software 2024-11-21 5.3 Medium
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
CVE-2024-20469 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-20 6 Medium
A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid Administrator privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.
CVE-2013-5538 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-17 N/A
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
CVE-2013-1125 1 Cisco 10 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 7 more 2024-09-17 N/A
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
CVE-2018-15463 1 Cisco 1 Identity Services Engine Software 2024-09-17 N/A
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
CVE-2013-5540 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-17 N/A
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.
CVE-2013-3413 1 Cisco 1 Identity Services Engine Software 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
CVE-2012-5744 1 Cisco 1 Identity Services Engine Software 2024-09-17 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
CVE-2013-5521 1 Cisco 1 Identity Services Engine Software 2024-09-16 N/A
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
CVE-2013-3420 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
CVE-2013-5541 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
CVE-2018-15440 1 Cisco 1 Identity Services Engine Software 2024-09-16 N/A
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
CVE-2013-5539 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-09-16 N/A
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.
CVE-2013-1196 1 Cisco 11 Application Networking Manager, Context Directory Agent, Identity Services Engine Software and 8 more 2024-09-16 N/A
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
CVE-2013-5531 1 Cisco 1 Identity Services Engine Software 2024-09-16 N/A
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
CVE-2024-20417 1 Cisco 1 Identity Services Engine Software 2024-08-27 6.5 Medium
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An attacker could exploit these vulnerabilities by sending crafted input to an affected device. A successful exploit could allow the attacker to view or modify data on the affected device.
CVE-2011-3290 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-08-06 N/A
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
CVE-2012-3908 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2024-08-06 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
CVE-2013-5524 1 Cisco 1 Identity Services Engine Software 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.