Cisco Identity Services Engine vulnerabilities

CVE-2023-20174 [MEDIUM] CWE-611 CVE-2023-20174: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the

CVE-2023-20167 [MEDIUM] CWE-24 CVE-2023-20167: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attack Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For mo

CVE-2023-20077 [MEDIUM] CWE-37 CVE-2023-20077: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted H

CVE-2023-20087 [MEDIUM] CWE-37 CVE-2023-20087: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (IS Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted H

CVE-2023-20172 [MEDIUM] CWE-602 CVE-2023-20172: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attack Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this

CVE-2023-20166 [MEDIUM] CWE-24 CVE-2023-20166: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attack Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For mo

CVE-2023-20171 [MEDIUM] CWE-602 CVE-2023-20171: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attack Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this

CVE-2023-20106 [LOW] CWE-602 CVE-2023-20106: Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attack Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this ad

CVE-2023-20122 [HIGH] CWE-77 CVE-2023-20122: Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilit

CVE-2023-20021 [MEDIUM] CWE-78 CVE-2023-20021: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20022 [MEDIUM] CWE-78 CVE-2023-20022: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20023 [MEDIUM] CWE-78 CVE-2023-20023: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20152 [MEDIUM] CWE-77 CVE-2023-20152: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20121 [MEDIUM] CWE-77 CVE-2023-20121: Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabil

CVE-2023-20153 [MEDIUM] CWE-77 CVE-2023-20153: Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow a Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These

CVE-2023-20030 [MEDIUM] CWE-611 CVE-2023-20030: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerab

CVE-2023-20085 [MEDIUM] CWE-79 CVE-2023-20085: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-b

CVE-2022-20964 [HIGH] CWE-78 CVE-2022-20964: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. An attacker could exploit this

CVE-2022-20965 [MEDIUM] CWE-648 CVE-2022-20965: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker coul

CVE-2022-20966 [MEDIUM] CWE-79 CVE-2022-20966: A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within th