Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cisco identity services engine software 1.3 vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2015-6323
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote malicious users to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
Cisco Identity Services Engine Software 1.1.4Cisco Identity Services Engine Software 1.1.3Cisco Identity Services Engine Software 1.1.2Cisco Identity Services Engine Software 1.1.1Cisco Identity Services Engine Software 1.3\\(106.146\\)Cisco Identity Services Engine Software 1.3\\(0.722\\)Cisco Identity Services Engine Software 1.2.1Cisco Identity Services Engine Software 1.2\\(0.793\\)Cisco Identity Services Engine Software 1.3\\(120.135\\)Cisco Identity Services Engine Software 1.2\\(0.747\\)Cisco Identity Services Engine Software 1.2\\(1.198\\)Cisco Identity Services Engine Software 1.4\\(0.109\\)Cisco Identity Services Engine Software 1.3\\(0.876\\)Cisco Identity Services Engine Software 1.2.0.899Cisco Identity Services Engine Software 1.2 BaseCisco Identity Services Engine Software 1.1 BaseCisco Identity Services Engine Software 1.4\\(0.253\\)Cisco Identity Services Engine Software 1.2\\(1.901\\)Cisco Identity Services Engine Software 1.4\\(0.181\\)
6.5
CVSSv3
CVE-2015-6317
Cisco Identity Services Engine (ISE) prior to 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
Cisco Identity Services Engine Software 1.3\\(120.135\\)Cisco Identity Services Engine Software 1.3\\(106.146\\)Cisco Identity Services Engine Software 1.2.1Cisco Identity Services Engine Software 1.1.4Cisco Identity Services Engine Software 1.1.3Cisco Identity Services Engine Software 1.1.2Cisco Identity Services Engine Software 1.1.1Cisco Identity Services Engine Software 1.0.4.573Cisco Identity Services Engine Software 1.0 Mr BaseCisco Identity Services Engine Software 1.2\\(1.198\\)Cisco Identity Services Engine Software 1.4\\(0.109\\)Cisco Identity Services Engine Software 1.2\\(0.793\\)Cisco Identity Services Engine Software 1.2.0.899Cisco Identity Services Engine Software 1.2\\(0.747\\)Cisco Identity Services Engine Software 1.2 BaseCisco Identity Services Engine Software 1.1 BaseCisco Identity Services Engine Software 1.3\\(0.722\\)Cisco Identity Services Engine Software 1.2\\(1.901\\)Cisco Identity Services Engine Software 1.0 BaseCisco Identity Services Engine Software 1.4\\(0.253\\)Cisco Identity Services Engine Software 1.4\\(0.181\\)Cisco Identity Services Engine Software 1.3\\(0.876\\)
NA
CVE-2015-4266
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks and unspecified other attacks via a crafted web s...
Cisco Identity Services Engine Software 1.1\\(4.1\\)Cisco Identity Services Engine Software 1.3\\(106.146\\)Cisco Identity Services Engine Software 1.3\\(120.135\\)
NA
CVE-2015-4182
The administrative web interface in Cisco Identity Services Engine (ISE) prior to 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
Cisco Identity Services Engine Software 1.2\\(0.747\\)Cisco Identity Services Engine Software 1.2\\(0.899\\)Cisco Identity Services Engine Software 1.2\\(1.901\\)Cisco Identity Services Engine Software 1.3Cisco Identity Services Engine Software 1.1Cisco Identity Services Engine Software 1.0.4.573Cisco Identity Services Engine Software 1.0 BaseCisco Identity Services Engine Software 1.2Cisco Identity Services Engine Software 1.4
NA
CVE-2015-4267
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote malicious users to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
Cisco Identity Services Engine Software 1.3\\(0.876\\)Cisco Identity Services Engine Software 1.4\\(0.876\\)Cisco Identity Services Engine Software 1.4\\(0.181\\)Cisco Identity Services Engine Software 2.0\\(0.147\\)Cisco Identity Services Engine Software 1.2\\(0.793\\)Cisco Identity Services Engine Software 2.0\\(0.169\\)
5.4
CVSSv3
CVE-2017-6734
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Gues...
Cisco Identity Services Engine 1.3\\(0.909\\)Cisco Identity Services Engine 2.1 BaseCisco Identity Services Engine 1.3\\(0.722\\)Cisco Identity Services Engine 1.3\\(106.146\\)Cisco Identity Services Engine 1.3\\(0.876\\)Cisco Identity Services Engine 1.3\\(120.135\\)Cisco Identity Services Engine 2.1\\(0.474\\)Cisco Identity Services Engine 2.1\\(0.800\\)Cisco Identity Services Engine 2.1\\(102.101\\)
6.1
CVSSv3
CVE-2016-1485
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote malicious users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
Cisco Identity Services Engine Software 1.3\\(0.876\\)
NA
CVE-2015-4268
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID ...
Cisco Identity Services Engine Software 1.2\\(1.198\\)Cisco Identity Services Engine Software 1.3\\(0.876\\)
5.4
CVSSv3
CVE-2024-20251
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists...
Cisco Identity Services Engine 1.4\\(0.253\\)Cisco Identity Services Engine 2.0\\(0.169\\)Cisco Identity Services Engine 1.3\\(120.135\\)Cisco Identity Services Engine 2.0\\(0.222\\)Cisco Identity Services Engine 2.1\\(102.101\\)Cisco Identity Services Engine 2.1\\(0.800\\)Cisco Identity Services Engine 2.1\\(0.474\\)Cisco Identity Services Engine 1.4\\(0.181\\)Cisco Identity Services Engine 1.4\\(0.908\\)Cisco Identity Services Engine 1.2\\(1.199\\)Cisco Identity Services Engine 2.2\\(0.283\\)Cisco Identity Services Engine 2.0\\(0.147\\)Cisco Identity Services Engine 1.3\\(106.146\\)Cisco Identity Services Engine 1.3\\(0.876\\)Cisco Identity Services Engine 2.3\\(0.151\\)Cisco Identity Services Engine 2.0\\(1.130\\)Cisco Identity Services Engine 1.4\\(0.109\\)Cisco Identity Services Engine 1.3\\(0.722\\)Cisco Identity Services Engine 1.3\\(0.909\\)Cisco Identity Services Engine 1.4Cisco Identity Services Engine 2.0Cisco Identity Services Engine 2.0.1
NA
CVE-2015-0757
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote malicious users to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
Cisco Identity Services Engine Software 1.3\\(0.722\\)Cisco Identity Services Engine Software 1.2\\(1.901\\)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook