CVE-2018-0221 — OS Command Injection in Cisco Identity Services Engine
Severity
6.7 MEDIUM (NVD)
EPSS
0.4%
top 42.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 8
Latest update: May 13
Description
A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an admi…
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 1 package
🔴 Vulnerability Details (2)
GHSA
GHSA-g4f6-m2vq-p28h: A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command (2022-05-13)
CVEList
CVE-2018-0221: A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command (2018-03-08)
📋 Vendor Advisories (1)
Cisco
Cisco Identity Services Engine Command Injection to Underlying Operating System Vulnerability (2018-03-08)