CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0275
https://notcve.org/view.php?id=CVE-2018-0275
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. • http://www.securitytracker.com/id/1040717 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise • CWE-16: Configuration •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2015-6317
https://notcve.org/view.php?id=CVE-2015-6317
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 http://www.securitytracker.com/id/1034767 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2015-6323
https://notcve.org/view.php?id=CVE-2015-6323
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados, también conocido como Bug ID CSCuw34253. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise http://www.securitytracker.com/id/1034666 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4266
https://notcve.org/view.php?id=CVE-2015-4266
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556. La interfaz web en Cisco Identity Services Engine (ISE) 1.1 (4.1), 1.3 (106.146) y 1.3 (120.135) no restringe correctamente el uso de elementos IFRAME, lo que facilita a atacantes remotos llevar a cabo ataques de clickjacking y otros ataques no especificados a través de una página web manipulada, relacionados con una cuestión de 'cross-frame scripting (XFS)', también conocido como Bug ID CSCut04556. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39871 http://www.securitytracker.com/id/1032930 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-4182
https://notcve.org/view.php?id=CVE-2015-4182
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener información sensible o cambiar configuraciones, a través de vectores no especificados, también conocido como Bug ID CSCui72087. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39299 http://www.securityfocus.com/bid/75152 http://www.securitytracker.com/id/1032579 • CWE-264: Permissions, Privileges, and Access Controls •