CVE-2018-0214Improper Input Validation in Cisco Identity Services Engine

CWE-20Improper Input ValidationCWE-78OS Command Injection4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 49.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine
Timeline
PublishedMar 8
Latest updateMay 13

Description

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input validation of CLI command user input. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a CLI comman

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages1 packages

NVDcisco/identity_services_engine2.1\(102.103\)

🔴Vulnerability Details

2
GHSA
GHSA-2qrx-vr2m-vjfp: A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary comm2022-05-13
CVEList
CVE-2018-0214: A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary comm2018-03-08

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Local Command Injection Vulnerability2018-03-07
CVE-2018-0214 — Improper Input Validation in Cisco | cvebase