VYPR

Identity Services Engine Software

by Cisco Systems, Inc.

CVEs (215)

  • CVE-2026-20186CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.06

    A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin…

  • CVE-2026-20180CriApr 15, 2026
    risk 0.64cvss 9.9epss 0.06

    A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin…

  • CVE-2017-6747CriAug 7, 2017
    risk 0.64cvss 9.8epss 0.05

    A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally…

  • CVE-2015-6323CriJan 15, 2016
    risk 0.64cvss 9.8epss 0.03

    The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.

  • CVE-2018-0413HigAug 1, 2018
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0213HigMar 8, 2018
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability…

  • CVE-2017-3835HigFeb 22, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).

  • CVE-2018-0277HigMay 17, 2018
    risk 0.56cvss 8.6epss 0.03

    A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to…

  • CVE-2017-12261HigNov 2, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user…

  • CVE-2017-12316HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login…

  • CVE-2017-6653HigMay 22, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or…

  • CVE-2016-9198HigDec 14, 2016
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199).

  • CVE-2016-1402HigMay 21, 2016
    risk 0.49cvss 7.5epss 0.02

    The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication…

  • CVE-2016-6453HigNov 3, 2016
    risk 0.48cvss 7.3epss 0.01

    A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876).

  • CVE-2018-0275MedApr 19, 2018
    risk 0.44cvss 6.7epss 0.00

    A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this…

  • CVE-2018-0221MedMar 8, 2018
    risk 0.44cvss 6.7epss 0.01

    A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid…

  • CVE-2015-6317MedJan 23, 2016
    risk 0.42cvss 6.5epss 0.01

    Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.

  • CVE-2018-0215MedMar 8, 2018
    risk 0.41cvss 6.3epss 0.01

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to…

  • CVE-2018-0339MedJun 7, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input…

  • CVE-2018-0327MedMay 17, 2018
    risk 0.40cvss 6.1epss 0.02

    A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input…

Page 1 of 11