Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Identity_services_engine
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 128 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-18 | CVE-2023-20164 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 7.2 | ||
| 2023-05-18 | CVE-2023-20166 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 6.7 | ||
| 2023-05-18 | CVE-2023-20167 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 4.9 | ||
| 2023-05-18 | CVE-2023-20171 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 6.5 | ||
| 2023-05-18 | CVE-2023-20172 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 4.9 | ||
| 2023-05-18 | CVE-2023-20173 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 4.9 | ||
| 2023-05-18 | CVE-2023-20174 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | Identity_services_engine | 4.9 | ||
| 2020-11-06 | CVE-2020-27122 | A vulnerability in the Microsoft Active Directory integration of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to elevate privileges on an affected device. To exploit this vulnerability, an attacker would need to have a valid administrator account on an affected device. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to the system with a crafted Active Directory account. A successful... | Identity_services_engine | 6.7 | ||
| 2020-09-23 | CVE-2019-1736 | A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot.... | Fmc1000\-K9_bios, Fmc1000\-K9_firmware, Fmc2500\-K9_bios, Fmc2500\-K9_firmware, Fmc4500\-K9_bios, Fmc4500\-K9_firmware, Identity_services_engine, Sns\-3515\-K9_bios, Sns\-3515\-K9_firmware, Sns\-3595\-K9_bios, Sns\-3595\-K9_firmware, Sns\-3615\-K9_bios, Sns\-3615\-K9_firmware, Sns\-3655\-K9_bios, Sns\-3655\-K9_firmware, Sns\-3695\-K9_bios, Sns\-3695\-K9_firmware, Tg5004\-K9\-Rf_bios, Tg5004\-K9\-Rf_firmware, Tg5004\-K9_bios, Tg5004\-K9_firmware, Unified_computing_system | 6.6 | ||
| 2020-10-08 | CVE-2020-3467 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control (RBAC) within the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to modify parts of... | Identity_services_engine | 7.7 |