CVE-2018-0275
https://notcve.org/view.php?id=CVE-2018-0275
A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. The vulnerability is due to improper configuration of the support tunnel feature. An attacker could exploit this vulnerability by tricking the device into unlocking the support user account and accessing the tunnel password and device serial number. A successful exploit could allow the attacker to run any system command with root access. This affects Cisco Identity Services Engine (ISE) software versions prior to 2.2.0.470. • http://www.securitytracker.com/id/1040717 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-ise • CWE-16: Configuration •
CVE-2017-6747
https://notcve.org/view.php?id=CVE-2017-6747
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An attacker could exploit this vulnerability by authenticating with a valid external user account that matches an internal username and incorrectly receiving the authorization policy of the internal account. An exploit could allow the attacker to have Super Admin privileges for the ISE Admin portal. This vulnerability does not affect endpoints authenticating to the ISE. • http://www.securitytracker.com/id/1039054 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ise • CWE-287: Improper Authentication •
CVE-2017-6734
https://notcve.org/view.php?id=CVE-2017-6734
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal. More Information: CSCvd74794. Known Affected Releases: 1.3(0.909) 2.1(0.800). Una vulnerabilidad en la interfaz de gestión web del portal de Cisco Identity Services Engine (ISE) Software podría permitir que un atacante remoto autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un sistema afectado. Esto se relaciona con Guest Portal. • http://www.securityfocus.com/bid/99459 http://www.securitytracker.com/id/1038823 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ise2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-6453
https://notcve.org/view.php?id=CVE-2016-6453
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). Una vulnerabilidad en el código de marco de referencia web de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto autenticado ejecutar comandos SQL arbitrarios en la base de datos. Más información: CSCva46542. • http://www.securityfocus.com/bid/93897 http://www.securitytracker.com/id/1037109 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2015-6317
https://notcve.org/view.php?id=CVE-2015-6317
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a través de una petición directa, también conocido como Bug ID CSCuu45926. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2 http://www.securitytracker.com/id/1034767 • CWE-284: Improper Access Control •