Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cisco identity services engine vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-20368
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due...
NA
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validat...
5.4
CVSSv3
CVE-2024-20251
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists...
Cisco Identity Services Engine 1.4(0.253)
Cisco Identity Services Engine 2.0(0.169)
Cisco Identity Services Engine 1.3(120.135)
Cisco Identity Services Engine 2.0(0.222)
Cisco Identity Services Engine 2.1(102.101)
Cisco Identity Services Engine 2.1(0.800)
Cisco Identity Services Engine 2.1(0.474)
Cisco Identity Services Engine 1.4(0.181)
Cisco Identity Services Engine 1.4(0.908)
Cisco Identity Services Engine 1.2(1.199)
Cisco Identity Services Engine 2.2(0.283)
Cisco Identity Services Engine 2.0(0.147)
Cisco Identity Services Engine 1.3(106.146)
Cisco Identity Services Engine 1.3(0.876)
Cisco Identity Services Engine 2.3(0.151)
Cisco Identity Services Engine 2.0(1.130)
Cisco Identity Services Engine 1.4(0.109)
Cisco Identity Services Engine 1.3(0.722)
Cisco Identity Services Engine 1.3(0.909)
Cisco Identity Services Engine 1.4
Cisco Identity Services Engine 2.0
Cisco Identity Services Engine 2.0.1
9.8
CVSSv3
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...
Apache Struts
13 Github repositories
2 Articles
8.8
CVSSv3
CVE-2023-20272
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote malicious user to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker c...
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
4.8
CVSSv3
CVE-2023-20208
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote malicious user to conduct an XSS attack against a user of the web-based management interface of an affected device.
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
6.7
CVSSv3
CVE-2023-20170
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local malicious user to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-...
Cisco Identity Services Engine 3.2
8.8
CVSSv3
CVE-2023-20175
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local malicious user to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-leve...
Cisco Identity Services Engine 2.6.0
Cisco Identity Services Engine 2.7.0
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
7.2
CVSSv3
CVE-2023-20196
Two vulnerabilities in Cisco ISE could allow an authenticated, remote malicious user to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to i...
Cisco Identity Services Engine 2.7.0
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
7.2
CVSSv3
CVE-2023-20195
Two vulnerabilities in Cisco ISE could allow an authenticated, remote malicious user to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to i...
Cisco Identity Services Engine 2.7.0
Cisco Identity Services Engine 3.0.0
Cisco Identity Services Engine 3.1
Cisco Identity Services Engine 3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »