Page 10 of 55 results (0.021 seconds)

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-0275

https://notcve.org/view.php?id=CVE-2018-0275

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. • http://www.securitytracker.com/id/1040717 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise • CWE-16: Configuration •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-9198

https://notcve.org/view.php?id=CVE-2016-9198

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199). Una vulnerabilidad en el componente de integración Active Directory de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de denegación de servicio (DoS). Más Información: CSCuw15041. • http://www.securityfocus.com/bid/94810 http://www.securitytracker.com/id/1037415 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 0%CPEs: 48EXPL: 0

CVE-2015-6317

https://notcve.org/view.php?id=CVE-2015-6317

Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 http://www.securitytracker.com/id/1034767 • CWE-284: Improper Access Control •

CVSS: 10.0EPSS: 0%CPEs: 50EXPL: 0

CVE-2015-6323

https://notcve.org/view.php?id=CVE-2015-6323

The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253. El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos obtener acceso administrativo a través de vectores no especificados, también conocido como Bug ID CSCuw34253. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise http://www.securitytracker.com/id/1034666 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-6266

https://notcve.org/view.php?id=CVE-2015-6266

The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. Vulnerabilidad en el portal de invitado en Cisco Identity Services Engine (ISE) 3300 1.2(0.899), no restringe el acceso a documentos HTML subidos, lo que permite a atacantes remotos obtener información sensible de documentos personalizados a través de una petición directa, también conocida como Bug ID CSCuo78045. • http://tools.cisco.com/security/center/viewAlert.x?alertId=40691 http://www.securitytracker.com/id/1033405 • CWE-287: Improper Authentication •