Cisco Identity Services Engine (ISE) Software

CPE Details

Cisco Identity Services Engine (ISE) Software
-
2013-02-20
14h49 +00:00
2013-03-07
17h49 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

identity_services_engine_software

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-15282 2019-10-16 18h36 +00:00 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
5.3
Medium
CVE-2019-15281 2019-10-16 18h36 +00:00 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
4.8
Medium
CVE-2014-8022 2015-01-15 21h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
4.3
CVE-2014-8015 2014-12-22 18h00 +00:00 The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.
4
CVE-2014-8017 2014-12-22 18h00 +00:00 The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
5
CVE-2014-3275 2014-05-23 20h00 +00:00 SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
6.5
CVE-2014-3276 2014-05-23 20h00 +00:00 Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
4
CVE-2014-0681 2014-01-29 15h00 +00:00 Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
4.3
CVE-2014-0665 2014-01-15 14h00 +00:00 The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
4
CVE-2013-5521 2013-10-25 01h00 +00:00 Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
5
CVE-2013-5538 2013-10-16 10h00 +00:00 The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
5
CVE-2013-5539 2013-10-16 10h00 +00:00 The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.
6
CVE-2013-5540 2013-10-16 10h00 +00:00 The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.
6.8
CVE-2013-5541 2013-10-16 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
3.5
CVE-2013-5523 2013-10-10 08h00 +00:00 The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
4.3
CVE-2013-5524 2013-10-10 08h00 +00:00 Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
4.3
CVE-2013-5525 2013-10-10 08h00 +00:00 SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
6.5
CVE-2013-5504 2013-09-30 08h00 +00:00 Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.
4.3
CVE-2013-5505 2013-09-30 08h00 +00:00 Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.
4.3
CVE-2012-5744 2013-08-30 01h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
4.3
CVE-2013-3471 2013-08-29 08h00 +00:00 The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
4.3
CVE-2013-3420 2013-07-17 21h00 +00:00 Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
6.8
CVE-2013-3413 2013-07-04 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
4.3
CVE-2013-1196 2013-04-29 21h00 +00:00 The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
6.8
CVE-2013-1125 2013-02-19 23h00 +00:00 The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
6.8
CVE-2011-3290 2011-09-21 14h00 +00:00 Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
10