Identity Services Engine Software
CVEs (215)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20152 | 0.00 | — | 0.01 | May 21, 2025 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain… | |||
| CVE-2020-3525 | 0.00 | — | 0.01 | Nov 18, 2024 | A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when… | |||
| CVE-2024-20539 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate… | |||
| CVE-2024-20538 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate… | |||
| CVE-2024-20537 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator… | |||
| CVE-2024-20532 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20531 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this… | |||
| CVE-2024-20530 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate… | |||
| CVE-2024-20529 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20528 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. … | |||
| CVE-2024-20527 | 0.00 | — | 0.01 | Nov 6, 2024 | A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient… | |||
| CVE-2024-20525 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate… | |||
| CVE-2024-20487 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based… | |||
| CVE-2024-20476 | 0.00 | — | 0.00 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator… | |||
| CVE-2024-20515 | 0.00 | — | 0.00 | Oct 2, 2024 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for… | |||
| CVE-2024-20469 | 0.00 | — | 0.00 | Sep 4, 2024 | A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must… | |||
| CVE-2024-20417 | 0.00 | — | 0.01 | Aug 21, 2024 | Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An… | |||
| CVE-2024-20466 | 0.00 | — | 0.00 | Aug 21, 2024 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege… | |||
| CVE-2024-20486 | 0.00 | — | 0.00 | Aug 21, 2024 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due… | |||
| CVE-2024-20479 | 0.00 | — | 0.00 | Aug 7, 2024 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management… |
- CVE-2025-20152May 21, 2025risk 0.00cvss —epss 0.01
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain…
- CVE-2020-3525Nov 18, 2024risk 0.00cvss —epss 0.01
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when…
- CVE-2024-20539Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate…
- CVE-2024-20538Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate…
- CVE-2024-20537Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to a lack of server-side validation of Administrator…
- CVE-2024-20532Nov 6, 2024risk 0.00cvss —epss 0.01
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient…
- CVE-2024-20531Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this…
- CVE-2024-20530Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate…
- CVE-2024-20529Nov 6, 2024risk 0.00cvss —epss 0.01
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient…
- CVE-2024-20528Nov 6, 2024risk 0.00cvss —epss 0.01
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. …
- CVE-2024-20527Nov 6, 2024risk 0.00cvss —epss 0.01
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient…
- CVE-2024-20525Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate…
- CVE-2024-20487Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based…
- CVE-2024-20476Nov 6, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator…
- CVE-2024-20515Oct 2, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for…
- CVE-2024-20469Sep 4, 2024risk 0.00cvss —epss 0.00
A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must…
- CVE-2024-20417Aug 21, 2024risk 0.00cvss —epss 0.01
Multiple vulnerabilities in the REST API of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct blind SQL injection attacks. These vulnerabilities are due to insufficient validation of user-supplied input in REST API calls. An…
- CVE-2024-20466Aug 21, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege…
- CVE-2024-20486Aug 21, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due…
- CVE-2024-20479Aug 7, 2024risk 0.00cvss —epss 0.00
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management…
Page 4 of 11