Cisco Identity Services Engine vulnerabilities
155 known vulnerabilities affecting cisco/identity_services_engine.
Total CVEs: 155
CISA KEV: 3 (actively exploited)
Public exploits: 4
Exploited in wild: 1
Severity breakdown
CRITICAL 7 | HIGH 36 | MEDIUM 110 | LOW 2
Vulnerabilities
Page 8 of 8
CVE-2018-0214 [MEDIUM] | CVSS 5.3 | CWE-20 | v2.1(102.103) | 2018-03-08
A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user, aka Command Injection. These commands should have been restricted from this user. The vulnerability is due to insufficient input va
nvd
CVE-2018-0216 [MEDIUM] | CVSS 5.4 | CWE-352 | v2.0(0.249), v2.1(0.476), +2 more | 2018-03-08
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an af
nvd
CVE-2018-0211 [MEDIUM] | CVSS 4.4 | CWE-20 | v2.1(0.474), v2.2(1.145), +1 more | 2018-03-08
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could e
nvd
CVE-2018-0215 [MEDIUM] | CVSS 6.3 | CWE-352 | v2.0(0.234) | 2018-03-08
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections on the web-based management interface of an aff
nvd
CVE-2018-0212 [MEDIUM] | CVSS 6.1 | CWE-79 | v2.1(0.474), v2.1(0.904), +2 more | 2018-03-08
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-base
nvd
CVE-2017-12261 [HIGH] | CVSS 7.8 | CWE-264 | v1.4, v2.0, +2 more | 2017-11-02
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could
nvd
CVE-2017-6747 [CRITICAL] | CVSS 9.8 | CWE-287 | v1.3(0.722), v1.3(0.876), +16 more | 2017-08-07
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenti
nvd
CVE-2017-6734 [MEDIUM] | CVSS 5.4 | CWE-79 | v1.3(0.722), v1.3(0.876), +7 more | 2017-07-10
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(
nvd
CVE-2017-6733 [MEDIUM] | CVSS 6.1 | CWE-79 | v2.1(102.101), v2.2(0.283), +1 more | 2017-07-10
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.15
nvd
CVE-2017-6701 [MEDIUM] | CVSS 6.1 | CWE-79 | v2.1(102.101) | 2017-07-04
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101).
nvd
CVE-2017-6605 [MEDIUM] | CVSS 5.4 | CWE-79 | v2.1(0.800) | 2017-07-04
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800).
nvd
CVE-2017-6653 [HIGH] | CVSS 7.5 | CWE-399 | v2.1(0.474) | 2017-05-22
A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP r
nvd
CVE-2016-9198 [HIGH] | CVSS 7.5 | CWE-399 | v1.2(1.199) | 2016-12-14
A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199).
nvd
CVE-2016-6453 [HIGH] | CVSS 7.3 | CWE-89 | v1.3(0.876) | 2016-11-03
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).
nvd
CVE-2012-3908 [MEDIUM] | CVSS 6.8 | CWE-352 | v3300 | 2012-09-16
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
nvd