VYPR

Identity Services Engine Express

by Cisco Systems, Inc.

CVEs (8)

  • CVE-2017-12261HigNov 2, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user…

  • CVE-2017-12316HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login…

  • CVE-2016-9198HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199).

  • CVE-2016-6453HigNov 3, 2016
    risk 0.48cvss 7.3epss 0.01

    A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).

  • CVE-2016-9214MedDec 14, 2016
    risk 0.40cvss 6.1epss 0.02

    Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected…

  • CVE-2014-8022Jan 15, 2015
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.

  • CVE-2014-8017Dec 22, 2014
    risk 0.00cvss epss 0.01

    The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

  • CVE-2014-8015Dec 22, 2014
    risk 0.00cvss epss 0.01

    The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.