CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0275
https://notcve.org/view.php?id=CVE-2018-0275
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. • http://www.securitytracker.com/id/1040717 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise • CWE-16: Configuration •
CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0CVE-2015-6317
https://notcve.org/view.php?id=CVE-2015-6317
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 http://www.securitytracker.com/id/1034767 • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0CVE-2015-6323
https://notcve.org/view.php?id=CVE-2015-6323
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados, también conocido como Bug ID CSCuw34253. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise http://www.securitytracker.com/id/1034666 •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2013-5530
https://notcve.org/view.php?id=CVE-2013-5530
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. El framework web de Cisco Identitiy Services Engine (ISE) 1.0 y 1.1.0 antes 1.1.0.665-5, antes 1.1.1.268-7 1.1.1, 1.1.2 antes 1.1.2.145-10, 1.1.3 antes 1.1.3.124 -7, antes 1.1.4.218-7 1.1.4 y 1.2 antes 1.2.0.899-2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una sesión manipulada en el puerto TCP 443, también conocido como Bug ID CSCuh81511. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise http://www.kb.cert.org/vuls/id/952422 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •