Cisco

Identity Services Engine Software

76 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-8017

  • EPSS 0.15%
  • Veröffentlicht 22.12.2014 19:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

4

CVE-2014-8015

  • EPSS 0.17%
  • Veröffentlicht 22.12.2014 19:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

4

CVE-2014-3276

  • EPSS 0.59%
  • Veröffentlicht 26.05.2014 00:25:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial o...

6.5

CVE-2014-3275

  • EPSS 0.28%
  • Veröffentlicht 26.05.2014 00:25:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.

4.3

CVE-2014-0681

  • EPSS 0.71%
  • Veröffentlicht 29.01.2014 18:34:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generati...

4

CVE-2014-0665

  • EPSS 0.38%
  • Veröffentlicht 15.01.2014 16:11:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated ...

5

CVE-2013-5531

  • EPSS 0.25%
  • Veröffentlicht 25.10.2013 03:52:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.

9

CVE-2013-5530

  • EPSS 0.16%
  • Veröffentlicht 25.10.2013 03:52:54
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticate...

5

CVE-2013-5521

  • EPSS 0.47%
  • Veröffentlicht 25.10.2013 03:52:54
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287...

3.5

CVE-2013-5541

  • EPSS 0.19%
  • Veröffentlicht 16.10.2013 10:52:45
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.