Cisco Identity Services Engine Software vulnerabilities

CVE-2023-20152 [MEDIUM] CWE-77 CVE-2023-20152: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20021 [MEDIUM] CWE-78 CVE-2023-20021: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20022 [MEDIUM] CWE-78 CVE-2023-20022: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20023 [MEDIUM] CWE-78 CVE-2023-20023: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20153 [MEDIUM] CWE-77 CVE-2023-20153: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20121 [MEDIUM] CWE-77 CVE-2023-20121: Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabil

CVE-2023-20030 [MEDIUM] CWE-611 CVE-2023-20030: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerab

CVE-2023-20085 [MEDIUM] CWE-79 CVE-2023-20085: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-b

CVE-2022-20964 [HIGH] CWE-78 CVE-2022-20964: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. An attacker could exploit this

CVE-2022-20965 [MEDIUM] CWE-648 CVE-2022-20965: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker coul

CVE-2022-20967 [MEDIUM] CWE-79 CVE-2022-20967: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within th

CVE-2022-20966 [MEDIUM] CWE-79 CVE-2022-20966: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within th

CVE-2022-20961 [HIGH] CWE-352 CVE-2022-20961: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an a

CVE-2022-20962 [HIGH] CWE-37 CVE-2022-20962: A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could al A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to make unauthorized changes to the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request with a

CVE-2022-20956 [HIGH] CWE-648 CVE-2022-20956: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sen

CVE-2022-20963 [MEDIUM] CWE-87 CVE-2022-20963: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-bas

CVE-2022-20937 [MEDIUM] CWE-410 CVE-2022-20937: A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) S A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attacker could exploit this vulnerability by taking action

CVE-2022-20822 [HIGH] CWE-22 CVE-2022-20822: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contai

CVE-2022-20959 [MEDIUM] CWE-79 CVE-2022-20959: A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) S A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulne

CVE-2022-20914 [MEDIUM] CWE-549 CVE-2022-20914: A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) S A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to excessive verbosity in a specific REST API output. An attacker could exploit this vulnerability by sending a crafted HTTP request to th