Page 11 of 60 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal. Una vulnerabilidad en el componente logging en Cisco Identity Services Engine podría permitir que un atacante remoto no autenticado lleve a cabo ataques Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106708 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin Portal. An attacker with read or write access to the Admin Portal could exploit this vulnerability by browsing to a page that contains sensitive data. An exploit could allow the attacker to recover passwords for unauthorized use and expose those accounts to further attack. Una vulnerabilidad en el portal de administrador de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado visualice contraseñas guardadas en texto plano. • http://www.securityfocus.com/bid/106512 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-passwd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Una vulnerabilidad en la interfaz de gestión web de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado con los privilegios del servidor web. • http://www.securitytracker.com/id/1041792 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server. Una vulnerabilidad en la interfaz de gestión web de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente de un dispositivo afectado con los privilegios del servidor web. • http://www.securitytracker.com/id/1041792 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •

CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. • http://www.securityfocus.com/bid/104212 http://www.securitytracker.com/id/1040922 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-iseeap • CWE-295: Improper Certificate Validation •