📦 Identity Services Engine

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC allows attackers to execute arbitrary commands as root without credentials. This affects organizations using vulnerable ...

This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to upload arbitrary files and execute them as root on the underlying operating system. Attackers can achiev...

An unauthenticated remote code execution vulnerability in Cisco ISE and ISE-PIC API allows attackers to execute arbitrary commands as root without credentials. This affects organizations using vulnera...

A critical vulnerability in Cisco ISE cloud deployments allows unauthenticated attackers to access shared credentials across multiple cloud environments. This enables data access, administrative opera...

This vulnerability allows authenticated attackers with read-only admin credentials to execute arbitrary commands as root on Cisco ISE devices via insecure Java deserialization in an API. It affects Ci...

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by exploiting JNDI lookups in log messages. This affects a...

An unauthenticated remote attacker can cause Cisco Identity Services Engine (ISE) to restart unexpectedly by sending crafted RADIUS access request messages for already-rejected MAC addresses. This cre...

An unauthenticated remote attacker can send specially crafted RADIUS authentication requests to cause Cisco Identity Services Engine (ISE) to reload, resulting in denial of service. This affects organ...

This vulnerability in Cisco ISE allows authenticated users with at least Read-only privileges to execute arbitrary commands on the underlying operating system, potentially gaining root access. It affe...

An unauthenticated remote attacker can cause Cisco ISE to stop processing RADIUS packets by sending crafted RADIUS accounting requests, resulting in denial of service for network authentication. This ...

This vulnerability in Cisco ISE's RADIUS feature allows an unauthenticated remote attacker to send crafted RADIUS requests, causing the system to stop processing RADIUS packets and leading to denial o...

This vulnerability allows an unauthenticated remote attacker to execute arbitrary commands with root privileges on Cisco Identity Services Engine (ISE) by exploiting insufficient input validation in t...

An authenticated cross-site scripting (XSS) vulnerability in Cisco ISE and ISE-PIC web management interfaces allows attackers with administrative credentials to inject malicious scripts. This could le...

This stored XSS vulnerability in Cisco ISE's web management interface allows authenticated administrators to inject malicious scripts that execute when other administrators view affected pages. Attack...

This vulnerability in Cisco ISE allows authenticated read-only administrators to view sensitive passwords that should only be accessible to high-privileged users. Attackers with valid read-only admin ...

This CVE describes reflected cross-site scripting (XSS) vulnerabilities in Cisco ISE and ISE-PIC web management interfaces. An authenticated attacker with low privileges can inject malicious scripts t...

This vulnerability allows authenticated attackers with low privileges to conduct reflected cross-site scripting (XSS) attacks against Cisco ISE and ISE-PIC web management interfaces. Successful exploi...

This vulnerability allows authenticated attackers with low-privileged accounts to conduct reflected cross-site scripting (XSS) attacks against Cisco ISE and ISE-PIC web management interfaces. Successf...

This vulnerability allows authenticated remote attackers with administrative credentials to bypass IP access restrictions on Cisco ISE and ISE-PIC devices, enabling login from unauthorized IP addresse...

This vulnerability in Cisco ISE and ISE-PIC allows authenticated attackers with high-privileged credentials to execute arbitrary code as root on the underlying operating system. It affects organizatio...

An authenticated cross-site scripting (XSS) vulnerability in Cisco ISE's web management interface allows attackers with administrative credentials to inject malicious scripts. This could lead to sessi...

This vulnerability in Cisco Identity Services Engine (ISE) allows authenticated remote attackers to recover service account passwords saved on affected systems. Attackers with read or write access to ...

This vulnerability allows unauthenticated remote attackers to conduct cross-site scripting (XSS) attacks against Cisco ISE web management interface users. Attackers can exploit it by tricking users in...

This vulnerability in Cisco ISE allows authenticated attackers with Super Admin credentials to read arbitrary files on the underlying OS and conduct SSRF attacks via crafted XML requests. It affects C...

This vulnerability in Cisco ISE allows authenticated attackers with Super Admin credentials to read or delete arbitrary files on the system. It affects Cisco ISE deployments where insufficient API par...

This cross-site scripting (XSS) vulnerability in Cisco ISE's web management interface allows unauthenticated remote attackers to execute malicious scripts in users' browsers. Attackers can steal sessi...

An authenticated attacker with Read-Only Administrator privileges in Cisco Identity Services Engine (ISE) can exploit improper data protection mechanisms to view sensitive device credentials that shou...

This vulnerability allows authenticated administrators on Cisco Identity Services Engine (ISE) to execute arbitrary commands on the underlying operating system and gain root privileges. It affects ISE...

Multiple SQL injection vulnerabilities in Cisco ISE's REST API allow authenticated attackers to execute arbitrary SQL queries. This could lead to unauthorized data access or modification on affected C...

This CSRF vulnerability in Cisco ISE's web management interface allows unauthenticated remote attackers to trick authenticated users into executing malicious actions. Attackers can perform arbitrary o...

This vulnerability allows an authenticated attacker with low privileges to conduct cross-site scripting (XSS) attacks against users of Cisco ISE's web management interface. It affects Cisco Identity S...