CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6605
https://notcve.org/view.php?id=CVE-2017-6605
04 Jul 2017 — A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a reflective cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc85415. Known Affected Releases: 2.1(0.800). Una vulnerabilidad en la interfaz de administración basada en web de Identity Services Engine (ISE) de Cisco, podría permitir a un atacante remoto identificado conducir un... • http://www.securityfocus.com/bid/99207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6701
https://notcve.org/view.php?id=CVE-2017-6701
04 Jul 2017 — A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101). Una vulnerabilidad en la interfaz de aplicación web del portal Identity Services Engine (ISE) de Cisco, podría permitir a un atacante remoto no autenticado conducir un ataque almacen... • http://www.securityfocus.com/bid/99208 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6653
https://notcve.org/view.php?id=CVE-2017-6653
22 May 2017 — A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An... • http://www.securityfocus.com/bid/98536 • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •