Page 2 of 12 results (0.003 seconds)

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405. Cisco Identity Services Engine (ISE) 1.x anteriores a 1.1.1 permite a atacantes remotos sortear la autenticación, y leer configuración de soporte y datos de credenciales, a traves de una sesion TCP manipulada en el puerto 443, tambien conocido como Bug ID CSCty20405. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0

The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511. El framework web de Cisco Identitiy Services Engine (ISE) 1.0 y 1.1.0 antes 1.1.0.665-5, antes 1.1.1.268-7 1.1.1, 1.1.2 antes 1.1.2.145-10, 1.1.3 antes 1.1.3.124 -7, antes 1.1.4.218-7 1.1.4 y 1.2 antes 1.2.0.899-2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una sesión manipulada en el puerto TCP 443, también conocido como Bug ID CSCuh81511. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise http://www.kb.cert.org/vuls/id/952422 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666. El Sponsor Portal in Cisco Identity Services Engine (ISE) y anteriores versiones no restringe adecuadamente el uso de elementos IFRAME, lo que hace más sencillo para atacantes remotos llevar a cabo ataques de clickjacking y otros sin especificar a través de un sitio web manipulado, relacionado con el fallo "cross-frame scripting (XFS)", también conocido como Bug ID CSCui82666. • http://osvdb.org/98168 http://secunia.com/advisories/55207 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523 http://tools.cisco.com/security/center/viewAlert.x?alertId=31161 http://www.securityfocus.com/bid/62869 http://www.securitytracker.com/id/1029157 https://exchange.xforce.ibmcloud.com/vulnerabilities/87724 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655. Vulnerabilidad de inyección XSS en la página de solución de problemas en Cisco Identity Services Engine (ISE) 1.2 y anteriores permite a atacantes remotos inyectar script web o HTML arbitrario a través de parámetros sin especificar, también conocido como Bug ID CSCug77655. • http://osvdb.org/98166 http://secunia.com/advisories/55067 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524 http://tools.cisco.com/security/center/viewAlert.x?alertId=31159 http://www.securityfocus.com/bid/62870 http://www.securitytracker.com/id/1029155 https://exchange.xforce.ibmcloud.com/vulnerabilities/87722 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502. Vulnerabilidad de inyección SQL en el framework web de Cisco Identity Services Engine (ISE) 1.2 y versiones anteriores permite a usuarios remotos sin autenticar ejecutar comandos SQL arbitrarios a través de vectores sin especificar, aka Bug ID CSCug90502. • http://osvdb.org/98167 http://secunia.com/advisories/55098 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525 http://tools.cisco.com/security/center/viewAlert.x?alertId=31160 http://www.securitytracker.com/id/1029156 https://exchange.xforce.ibmcloud.com/vulnerabilities/87723 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •