CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2018-0211
https://notcve.org/view.php?id=CVE-2018-0211
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. • http://www.securityfocus.com/bid/103334 http://www.securitytracker.com/id/1040471 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-6733
https://notcve.org/view.php?id=CVE-2017-6733
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). Una vulnerabilidad en la interfaz de aplicación web del portal de Cisco Identity Services Engine (ISE) podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en un sistema afectado. Más información: CSCvd87482. • http://www.securityfocus.com/bid/99458 http://www.securitytracker.com/id/1038822 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-ise1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •