All the vulnerabilites related to cisco - identity_services_engine_software
cve-2013-5523
Vulnerability from cvelistv5
Published
2013-10-10 10:00
Modified
2024-08-06 17:15
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
References
http://www.securitytracker.com/id/1029157vdb-entry, x_refsource_SECTRACK
http://osvdb.org/98168vdb-entry, x_refsource_OSVDB
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523vendor-advisory, x_refsource_CISCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/87724vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/62869vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/viewAlert.x?alertId=31161x_refsource_CONFIRM
http://secunia.com/advisories/55207third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1029157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029157"
          },
          {
            "name": "98168",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/98168"
          },
          {
            "name": "20131007 Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523"
          },
          {
            "name": "cisco-ise-cve20135523-xfs(87724)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724"
          },
          {
            "name": "62869",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62869"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161"
          },
          {
            "name": "55207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55207"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCui82666."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1029157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029157"
        },
        {
          "name": "98168",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/98168"
        },
        {
          "name": "20131007 Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523"
        },
        {
          "name": "cisco-ise-cve20135523-xfs(87724)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724"
        },
        {
          "name": "62869",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62869"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161"
        },
        {
          "name": "55207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55207"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCui82666."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1029157",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029157"
            },
            {
              "name": "98168",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/98168"
            },
            {
              "name": "20131007 Cisco Identity Services Engine Sponsor Portal Cross-Frame Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523"
            },
            {
              "name": "cisco-ise-cve20135523-xfs(87724)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724"
            },
            {
              "name": "62869",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62869"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161"
            },
            {
              "name": "55207",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55207"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5523",
    "datePublished": "2013-10-10T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5504
Vulnerability from cvelistv5
Published
2013-09-30 10:00
Modified
2024-08-06 17:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.
References
http://www.securitytracker.com/id/1029110vdb-entry, x_refsource_SECTRACK
http://osvdb.org/97877vdb-entry, x_refsource_OSVDB
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504vendor-advisory, x_refsource_CISCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/87531vdb-entry, x_refsource_XF
http://tools.cisco.com/security/center/viewAlert.x?alertId=31007x_refsource_CONFIRM
http://www.securityfocus.com/bid/62694vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.901Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1029110",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029110"
          },
          {
            "name": "97877",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/97877"
          },
          {
            "name": "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
          },
          {
            "name": "cisco-ise-cve20135504-xss(87531)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
          },
          {
            "name": "62694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1029110",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029110"
        },
        {
          "name": "97877",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/97877"
        },
        {
          "name": "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
        },
        {
          "name": "cisco-ise-cve20135504-xss(87531)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
        },
        {
          "name": "62694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62694"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1029110",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029110"
            },
            {
              "name": "97877",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/97877"
            },
            {
              "name": "20130927 Cisco Identity Services Engine Mobile Device Management Portal Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
            },
            {
              "name": "cisco-ise-cve20135504-xss(87531)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
            },
            {
              "name": "62694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62694"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5504",
    "datePublished": "2013-09-30T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.901Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0327
Vulnerability from cvelistv5
Published
2018-05-17 03:00
Modified
2024-11-29 15:07
Severity ?
Summary
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xssx_refsource_CONFIRM
http://www.securityfocus.com/bid/104194vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1040926vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss"
          },
          {
            "name": "104194",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104194"
          },
          {
            "name": "1040926",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040926"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:38:03.591298Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:07:40.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2018-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user\u0027s browser in the context of an affected site. Cisco Bug IDs: CSCvg86743."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-17T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss"
        },
        {
          "name": "104194",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104194"
        },
        {
          "name": "1040926",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040926"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0327",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user\u0027s browser in the context of an affected site. Cisco Bug IDs: CSCvg86743."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss"
            },
            {
              "name": "104194",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104194"
            },
            {
              "name": "1040926",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040926"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0327",
    "datePublished": "2018-05-17T03:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:07:40.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0665
Vulnerability from cvelistv5
Published
2014-01-15 15:00
Modified
2024-08-06 09:20
Severity ?
Summary
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/90463vdb-entry, x_refsource_XF
http://osvdb.org/102118vdb-entry, x_refsource_OSVDB
http://tools.cisco.com/security/center/viewAlert.x?alertId=32448x_refsource_CONFIRM
http://www.securitytracker.com/id/1029624vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/56439third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/64939vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:20:19.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-ise-cve2040665-unsuth-access(90463)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
          },
          {
            "name": "102118",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
          },
          {
            "name": "1029624",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029624"
          },
          {
            "name": "56439",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56439"
          },
          {
            "name": "64939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/64939"
          },
          {
            "name": "20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-ise-cve2040665-unsuth-access(90463)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
        },
        {
          "name": "102118",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
        },
        {
          "name": "1029624",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029624"
        },
        {
          "name": "56439",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56439"
        },
        {
          "name": "64939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/64939"
        },
        {
          "name": "20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-ise-cve2040665-unsuth-access(90463)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
            },
            {
              "name": "102118",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102118"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
            },
            {
              "name": "1029624",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029624"
            },
            {
              "name": "56439",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56439"
            },
            {
              "name": "64939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/64939"
            },
            {
              "name": "20140115 Cisco ISE Unprivileged Support Bundle Download Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-0665",
    "datePublished": "2014-01-15T15:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:20:19.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5540
Vulnerability from cvelistv5
Published
2013-10-16 10:00
Modified
2024-09-17 01:20
Severity ?
Summary
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:21.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131015 Cisco Identity Services Engine File Space Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-16T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131015 Cisco Identity Services Engine File Space Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131015 Cisco Identity Services Engine File Space Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5540",
    "datePublished": "2013-10-16T10:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-17T01:20:35.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8017
Vulnerability from cvelistv5
Published
2014-12-22 19:00
Modified
2024-08-06 13:10
Severity ?
Summary
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
References
http://www.securityfocus.com/bid/71767vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1031425vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:49.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "71767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71767"
          },
          {
            "name": "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
          },
          {
            "name": "1031425",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "71767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71767"
        },
        {
          "name": "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
        },
        {
          "name": "1031425",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8017",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "71767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71767"
            },
            {
              "name": "20141222 Cisco Identity Services Engine Periodic Backup Password Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
            },
            {
              "name": "1031425",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-8017",
    "datePublished": "2014-12-22T19:00:00",
    "dateReserved": "2014-10-08T00:00:00",
    "dateUpdated": "2024-08-06T13:10:49.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4219
Vulnerability from cvelistv5
Published
2015-06-24 10:00
Modified
2024-08-06 06:11
Severity ?
Summary
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
References
http://www.securitytracker.com/id/1032713vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=39501vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/75379vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1032714vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:11.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032713",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032713"
          },
          {
            "name": "20150623 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39501"
          },
          {
            "name": "75379",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75379"
          },
          {
            "name": "1032714",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032714"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032713",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032713"
        },
        {
          "name": "20150623 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39501"
        },
        {
          "name": "75379",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75379"
        },
        {
          "name": "1032714",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032714"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032713",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032713"
            },
            {
              "name": "20150623 Cisco Identity Services Engine and Secure Access Control System Support Bundle Download Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39501"
            },
            {
              "name": "75379",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75379"
            },
            {
              "name": "1032714",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032714"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4219",
    "datePublished": "2015-06-24T10:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:11.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5530
Vulnerability from cvelistv5
Published
2013-10-25 01:00
Modified
2024-08-06 17:15
Severity ?
Summary
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
References
http://www.kb.cert.org/vuls/id/952422third-party-advisory, x_refsource_CERT-VN
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-isevendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#952422",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/952422"
          },
          {
            "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-12-01T17:26:34",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "VU#952422",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/952422"
        },
        {
          "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#952422",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/952422"
            },
            {
              "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5530",
    "datePublished": "2013-10-25T01:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6266
Vulnerability from cvelistv5
Published
2015-08-28 14:00
Modified
2024-08-06 07:15
Severity ?
Summary
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=40691vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1033405vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
          },
          {
            "name": "1033405",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033405"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-19T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
        },
        {
          "name": "1033405",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033405"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150827 Cisco Identity Services Engine Guest Portal Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
            },
            {
              "name": "1033405",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033405"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6266",
    "datePublished": "2015-08-28T14:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.298Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3471
Vulnerability from cvelistv5
Published
2013-08-29 10:00
Modified
2024-08-06 16:07
Severity ?
Summary
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1028965vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=30524x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130828 Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471"
          },
          {
            "name": "1028965",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1028965"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-09-11T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130828 Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471"
        },
        {
          "name": "1028965",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1028965"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130828 Cisco ISE Captive Portal Application Plaintext Credentials Exposure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471"
            },
            {
              "name": "1028965",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1028965"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3471",
    "datePublished": "2013-08-29T10:00:00",
    "dateReserved": "2013-05-06T00:00:00",
    "dateUpdated": "2024-08-06T16:07:37.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15281
Vulnerability from cvelistv5
Published
2019-10-16 18:36
Modified
2024-11-21 19:06
Severity ?
4.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xssvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191016 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-15281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:55:58.127399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:06:46.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T18:36:46",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20191016 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20191016-ise-xss",
        "defect": [
          [
            "CSCvq52317"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
          "ID": "CVE-2019-15281",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191016 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20191016-ise-xss",
          "defect": [
            [
              "CSCvq52317"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-15281",
    "datePublished": "2019-10-16T18:36:46.102217Z",
    "dateReserved": "2019-08-20T00:00:00",
    "dateUpdated": "2024-11-21T19:06:46.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1485
Vulnerability from cvelistv5
Published
2016-08-22 10:00
Modified
2024-08-05 22:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
References
http://www.securityfocus.com/bid/92518vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1036647vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-isevendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "92518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92518"
          },
          {
            "name": "1036647",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036647"
          },
          {
            "name": "20160817 Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "92518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92518"
        },
        {
          "name": "1036647",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036647"
        },
        {
          "name": "20160817 Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "92518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92518"
            },
            {
              "name": "1036647",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036647"
            },
            {
              "name": "20160817 Cisco Identity Services Engine Admin Dashboard Page Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1485",
    "datePublished": "2016-08-22T10:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15440
Vulnerability from cvelistv5
Published
2019-01-15 20:00
Modified
2024-11-21 19:48
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/106513vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
          },
          {
            "name": "106513",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106513"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-15440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:01:06.628008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:48:40.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-16T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
        },
        {
          "name": "106513",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106513"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190109-ise-multi-xss",
        "defect": [
          [
            "CSCvm71860",
            "CSCvm79609"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-09T16:00:00-0800",
          "ID": "CVE-2018-15440",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
            },
            {
              "name": "106513",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106513"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190109-ise-multi-xss",
          "defect": [
            [
              "CSCvm71860",
              "CSCvm79609"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-15440",
    "datePublished": "2019-01-15T20:00:00Z",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-11-21T19:48:40.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3275
Vulnerability from cvelistv5
Published
2014-05-23 22:00
Modified
2024-08-06 10:35
Severity ?
Summary
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
References
http://www.securityfocus.com/bid/67555vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1030273vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=34328x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67555",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67555"
          },
          {
            "name": "20140521 Cisco ISE Blind SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
          },
          {
            "name": "1030273",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030273"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "67555",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67555"
        },
        {
          "name": "20140521 Cisco ISE Blind SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
        },
        {
          "name": "1030273",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030273"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67555",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67555"
            },
            {
              "name": "20140521 Cisco ISE Blind SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
            },
            {
              "name": "1030273",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030273"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3275",
    "datePublished": "2014-05-23T22:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0413
Vulnerability from cvelistv5
Published
2018-08-01 20:00
Modified
2024-11-26 14:49
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159.
References
http://www.securityfocus.com/bid/104950vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrfx_refsource_CONFIRM
http://www.securitytracker.com/id/1041408vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.490Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104950",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104950"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf"
          },
          {
            "name": "1041408",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041408"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0413",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T18:51:59.504008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T14:49:21.499Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-03T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104950",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104950"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf"
        },
        {
          "name": "1041408",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041408"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104950",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104950"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf"
            },
            {
              "name": "1041408",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041408"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0413",
    "datePublished": "2018-08-01T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-26T14:49:21.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6317
Vulnerability from cvelistv5
Published
2016-01-23 02:00
Modified
2024-08-06 07:15
Severity ?
Summary
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
References
http://www.securitytracker.com/id/1034767vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034767",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034767"
          },
          {
            "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034767",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034767"
        },
        {
          "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034767",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034767"
            },
            {
              "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6317",
    "datePublished": "2016-01-23T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0289
Vulnerability from cvelistv5
Published
2018-05-17 03:00
Modified
2024-11-29 15:09
Severity ?
Summary
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308.
References
http://www.securitytracker.com/id/1040925vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/104196vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xssx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040925",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040925"
          },
          {
            "name": "104196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104196"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0289",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:38:07.606982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:09:17.581Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2018-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-19T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1040925",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040925"
        },
        {
          "name": "104196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104196"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040925",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040925"
            },
            {
              "name": "104196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104196"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0289",
    "datePublished": "2018-05-17T03:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:09:17.581Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15463
Vulnerability from cvelistv5
Published
2019-01-15 20:00
Modified
2024-11-21 19:48
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssvendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/106513vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:54:03.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
          },
          {
            "name": "106513",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106513"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-15463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:01:05.296958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:48:32.206Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-16T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
        },
        {
          "name": "106513",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106513"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190109-ise-multi-xss",
        "defect": [
          [
            "CSCvm71860",
            "CSCvm79609"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-09T16:00:00-0800",
          "ID": "CVE-2018-15463",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190109 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
            },
            {
              "name": "106513",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106513"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190109-ise-multi-xss",
          "defect": [
            [
              "CSCvm71860",
              "CSCvm79609"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-15463",
    "datePublished": "2019-01-15T20:00:00Z",
    "dateReserved": "2018-08-17T00:00:00",
    "dateUpdated": "2024-11-21T19:48:32.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3420
Vulnerability from cvelistv5
Published
2013-07-17 21:00
Modified
2024-09-16 22:35
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130717 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-17T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130717 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130717 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3420",
    "datePublished": "2013-07-17T21:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-16T22:35:36.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6323
Vulnerability from cvelistv5
Published
2016-01-15 02:00
Modified
2024-08-06 07:15
Severity ?
Summary
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-isevendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1034666vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:15:13.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
          },
          {
            "name": "1034666",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034666"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
        },
        {
          "name": "1034666",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034666"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160113 Cisco Identity Services Engine Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
            },
            {
              "name": "1034666",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034666"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6323",
    "datePublished": "2016-01-15T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:15:13.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5505
Vulnerability from cvelistv5
Published
2013-09-30 10:00
Modified
2024-08-06 17:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.
References
http://secunia.com/advisories/54626third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505vendor-advisory, x_refsource_CISCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/87530vdb-entry, x_refsource_XF
http://osvdb.org/97875vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id/1029111vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/62693vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/viewAlert.x?alertId=31008x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "54626",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54626"
          },
          {
            "name": "20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505"
          },
          {
            "name": "cisco-ise-cve20135505-xss(87530)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530"
          },
          {
            "name": "97875",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/97875"
          },
          {
            "name": "1029111",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029111"
          },
          {
            "name": "62693",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "54626",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54626"
        },
        {
          "name": "20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505"
        },
        {
          "name": "cisco-ise-cve20135505-xss(87530)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530"
        },
        {
          "name": "97875",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/97875"
        },
        {
          "name": "1029111",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029111"
        },
        {
          "name": "62693",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5505",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "54626",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/54626"
            },
            {
              "name": "20130927 Cisco Identity Services Engine Administration Interface Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505"
            },
            {
              "name": "cisco-ise-cve20135505-xss(87530)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530"
            },
            {
              "name": "97875",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/97875"
            },
            {
              "name": "1029111",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029111"
            },
            {
              "name": "62693",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62693"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5505",
    "datePublished": "2013-09-30T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-3835
Vulnerability from cvelistv5
Published
2017-02-22 02:00
Modified
2024-08-05 14:39
Severity ?
Summary
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
References
http://www.securityfocus.com/bid/96249vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-isex_refsource_CONFIRM
http://www.securitytracker.com/id/1037841vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96249",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96249"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise"
          },
          {
            "name": "1037841",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2017-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "SQL Injection Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "96249",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96249"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise"
        },
        {
          "name": "1037841",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "SQL Injection Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96249",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96249"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise"
            },
            {
              "name": "1037841",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3835",
    "datePublished": "2017-02-22T02:00:00",
    "dateReserved": "2016-12-21T00:00:00",
    "dateUpdated": "2024-08-05T14:39:41.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0339
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:04
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xssx_refsource_CONFIRM
http://www.securityfocus.com/bid/104424vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1041066vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:14.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss"
          },
          {
            "name": "104424",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104424"
          },
          {
            "name": "1041066",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041066"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0339",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:37:50.470523Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:04:04.155Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-14T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss"
        },
        {
          "name": "104424",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104424"
        },
        {
          "name": "1041066",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss"
            },
            {
              "name": "104424",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104424"
            },
            {
              "name": "1041066",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0339",
    "datePublished": "2018-06-07T21:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:04:04.155Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5744
Vulnerability from cvelistv5
Published
2013-08-30 01:00
Modified
2024-09-17 00:01
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130829 Cisco ISE Guest Portal XSS Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-08-30T01:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130829 Cisco ISE Guest Portal XSS Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-5744",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130829 Cisco ISE Guest Portal XSS Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-5744",
    "datePublished": "2013-08-30T01:00:00Z",
    "dateReserved": "2012-11-02T00:00:00Z",
    "dateUpdated": "2024-09-17T00:01:14.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4182
Vulnerability from cvelistv5
Published
2015-06-12 14:00
Modified
2024-08-06 06:04
Severity ?
Summary
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
References
http://www.securityfocus.com/bid/75152vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/viewAlert.x?alertId=39299vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1032579vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.936Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "75152",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75152"
          },
          {
            "name": "20150611 Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299"
          },
          {
            "name": "1032579",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032579"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "75152",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75152"
        },
        {
          "name": "20150611 Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299"
        },
        {
          "name": "1032579",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032579"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "75152",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75152"
            },
            {
              "name": "20150611 Cisco Identity Services Engine Improper Web Page Controls Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299"
            },
            {
              "name": "1032579",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032579"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4182",
    "datePublished": "2015-06-12T14:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:04:02.936Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1196
Vulnerability from cvelistv5
Published
2013-04-29 21:00
Modified
2024-09-16 18:43
Severity ?
Summary
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:57:02.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-04-29T21:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1196",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130412 Multiple Cisco Products root Privileges Command Execution Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1196",
    "datePublished": "2013-04-29T21:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-16T18:43:32.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1402
Vulnerability from cvelistv5
Published
2016-05-21 01:00
Modified
2024-08-05 22:55
Severity ?
Summary
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.
References
http://www.securitytracker.com/id/1035946vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-isevendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035946",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035946"
          },
          {
            "name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1035946",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035946"
        },
        {
          "name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035946",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035946"
            },
            {
              "name": "20160517 Cisco Identity Services Engine Active Directory Integration Component Remote Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1402",
    "datePublished": "2016-05-21T01:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5524
Vulnerability from cvelistv5
Published
2013-10-10 10:00
Modified
2024-08-06 17:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
References
http://www.securitytracker.com/id/1029155vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/55067third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/viewAlert.x?alertId=31159x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/87722vdb-entry, x_refsource_XF
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524vendor-advisory, x_refsource_CISCO
http://osvdb.org/98166vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/62870vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1029155",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029155"
          },
          {
            "name": "55067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159"
          },
          {
            "name": "cisco-ise-cve20135524-xss(87722)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722"
          },
          {
            "name": "20131007 Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524"
          },
          {
            "name": "98166",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/98166"
          },
          {
            "name": "62870",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/62870"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1029155",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029155"
        },
        {
          "name": "55067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159"
        },
        {
          "name": "cisco-ise-cve20135524-xss(87722)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722"
        },
        {
          "name": "20131007 Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524"
        },
        {
          "name": "98166",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/98166"
        },
        {
          "name": "62870",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/62870"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1029155",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029155"
            },
            {
              "name": "55067",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55067"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159"
            },
            {
              "name": "cisco-ise-cve20135524-xss(87722)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722"
            },
            {
              "name": "20131007 Cisco Identity Services Engine Troubleshooting Interface Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524"
            },
            {
              "name": "98166",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/98166"
            },
            {
              "name": "62870",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/62870"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5524",
    "datePublished": "2013-10-10T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3276
Vulnerability from cvelistv5
Published
2014-05-23 22:00
Modified
2024-08-06 10:35
Severity ?
Summary
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276vendor-advisory, x_refsource_CISCO
http://tools.cisco.com/security/center/viewAlert.x?alertId=34329x_refsource_CONFIRM
http://www.securitytracker.com/id/1030274vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140521 Cisco ISE RADIUS Service Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329"
          },
          {
            "name": "1030274",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-09T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140521 Cisco ISE RADIUS Service Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329"
        },
        {
          "name": "1030274",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030274"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140521 Cisco ISE RADIUS Service Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329"
            },
            {
              "name": "1030274",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030274"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3276",
    "datePublished": "2014-05-23T22:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0681
Vulnerability from cvelistv5
Published
2014-01-29 16:00
Modified
2024-08-06 09:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681vendor-advisory, x_refsource_CISCO
http://osvdb.org/102589vdb-entry, x_refsource_OSVDB
http://www.securitytracker.com/id/1029699vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/56714third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/viewAlert.x?alertId=32609x_refsource_CONFIRM
http://www.securityfocus.com/bid/65183vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681"
          },
          {
            "name": "102589",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102589"
          },
          {
            "name": "1029699",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029699"
          },
          {
            "name": "56714",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56714"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609"
          },
          {
            "name": "65183",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65183"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-02T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681"
        },
        {
          "name": "102589",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102589"
        },
        {
          "name": "1029699",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029699"
        },
        {
          "name": "56714",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56714"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609"
        },
        {
          "name": "65183",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65183"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140128 Cisco Identity Services Engine Reports Output Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681"
            },
            {
              "name": "102589",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102589"
            },
            {
              "name": "1029699",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029699"
            },
            {
              "name": "56714",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56714"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609"
            },
            {
              "name": "65183",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65183"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-0681",
    "datePublished": "2014-01-29T16:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:27:19.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12316
Vulnerability from cvelistv5
Published
2017-11-16 07:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-isex_refsource_CONFIRM
http://www.securitytracker.com/id/1039830vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/101931vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:55.961Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise"
          },
          {
            "name": "1039830",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039830"
          },
          {
            "name": "101931",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-23T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise"
        },
        {
          "name": "1039830",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039830"
        },
        {
          "name": "101931",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101931"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise"
            },
            {
              "name": "1039830",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039830"
            },
            {
              "name": "101931",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101931"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12316",
    "datePublished": "2017-11-16T07:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:55.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5539
Vulnerability from cvelistv5
Published
2013-10-16 10:00
Modified
2024-09-16 18:54
Severity ?
Summary
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.945Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131015 Cisco Identity Services Engine Untrusted File Upload Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-16T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131015 Cisco Identity Services Engine Untrusted File Upload Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131015 Cisco Identity Services Engine Untrusted File Upload Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5539",
    "datePublished": "2013-10-16T10:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T18:54:33.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-0757
Vulnerability from cvelistv5
Published
2015-05-29 15:00
Modified
2024-08-06 04:17
Severity ?
Summary
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39042vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/74864vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1032420vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:32.825Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150527 Cisco Identity Services Engine Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
          },
          {
            "name": "74864",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74864"
          },
          {
            "name": "1032420",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-23T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150527 Cisco Identity Services Engine Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
        },
        {
          "name": "74864",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74864"
        },
        {
          "name": "1032420",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-0757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150527 Cisco Identity Services Engine Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
            },
            {
              "name": "74864",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74864"
            },
            {
              "name": "1032420",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-0757",
    "datePublished": "2015-05-29T15:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:32.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5525
Vulnerability from cvelistv5
Published
2013-10-10 10:00
Modified
2024-08-06 17:15
Severity ?
Summary
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/87723vdb-entry, x_refsource_XF
http://www.securitytracker.com/id/1029156vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/55098third-party-advisory, x_refsource_SECUNIA
http://tools.cisco.com/security/center/viewAlert.x?alertId=31160x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525vendor-advisory, x_refsource_CISCO
http://osvdb.org/98167vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-ise-cve20135525-sql-injection(87723)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87723"
          },
          {
            "name": "1029156",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029156"
          },
          {
            "name": "55098",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160"
          },
          {
            "name": "20131007 Cisco Identity Services Engine Blind SQL Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525"
          },
          {
            "name": "98167",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/98167"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-ise-cve20135525-sql-injection(87723)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87723"
        },
        {
          "name": "1029156",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029156"
        },
        {
          "name": "55098",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160"
        },
        {
          "name": "20131007 Cisco Identity Services Engine Blind SQL Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525"
        },
        {
          "name": "98167",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/98167"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-ise-cve20135525-sql-injection(87723)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87723"
            },
            {
              "name": "1029156",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029156"
            },
            {
              "name": "55098",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/55098"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160"
            },
            {
              "name": "20131007 Cisco Identity Services Engine Blind SQL Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525"
            },
            {
              "name": "98167",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/98167"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5525",
    "datePublished": "2013-10-10T10:00:00",
    "dateReserved": "2013-08-22T00:00:00",
    "dateUpdated": "2024-08-06T17:15:20.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5538
Vulnerability from cvelistv5
Published
2013-10-16 10:00
Modified
2024-09-17 02:42
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131015 Cisco Identity Services Engine Sponsor Portal File Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-16T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131015 Cisco Identity Services Engine Sponsor Portal File Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5538",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131015 Cisco Identity Services Engine Sponsor Portal File Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5538",
    "datePublished": "2013-10-16T10:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-17T02:42:28.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15282
Vulnerability from cvelistv5
Published
2019-10-16 18:36
Modified
2024-11-21 19:06
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodisvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:42:03.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20191016 Cisco Identity Services Engine Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-15282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:55:56.854628Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:06:36.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine Software",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "n/a",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-16T18:36:46",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20191016 Cisco Identity Services Engine Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20191016-ise-infodis",
        "defect": [
          [
            "CSCvq52402"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Identity Services Engine Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-10-16T16:00:00-0700",
          "ID": "CVE-2019-15282",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Identity Services Engine Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine Software",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20191016 Cisco Identity Services Engine Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20191016-ise-infodis",
          "defect": [
            [
              "CSCvq52402"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-15282",
    "datePublished": "2019-10-16T18:36:46.751554Z",
    "dateReserved": "2019-08-20T00:00:00",
    "dateUpdated": "2024-11-21T19:06:36.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-1125
Vulnerability from cvelistv5
Published
2013-02-19 23:00
Modified
2024-09-17 02:27
Severity ?
Summary
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:49:20.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130215 Multiple Cisco Product Root Shell Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-19T23:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130215 Multiple Cisco Product Root Shell Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-1125",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130215 Multiple Cisco Product Root Shell Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-1125",
    "datePublished": "2013-02-19T23:00:00Z",
    "dateReserved": "2013-01-11T00:00:00Z",
    "dateUpdated": "2024-09-17T02:27:32.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4267
Vulnerability from cvelistv5
Published
2015-07-15 18:00
Modified
2024-08-06 06:11
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
References
http://www.securitytracker.com/id/1032929vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertId=39872vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032929",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032929"
          },
          {
            "name": "20150715 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39872"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1032929",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032929"
        },
        {
          "name": "20150715 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39872"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4267",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032929",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032929"
            },
            {
              "name": "20150715 Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39872"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4267",
    "datePublished": "2015-07-15T18:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3290
Vulnerability from cvelistv5
Published
2011-09-21 16:00
Modified
2024-08-06 23:29
Severity ?
Summary
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
References
http://secunia.com/advisories/46061third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/69945vdb-entry, x_refsource_XF
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtmlvendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id?1026075vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/49703vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46061",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46061"
          },
          {
            "name": "cisco-ise-default-credentials(69945)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945"
          },
          {
            "name": "20110920 Cisco Identity Services Engine Database Default Credentials Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml"
          },
          {
            "name": "1026075",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026075"
          },
          {
            "name": "49703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49703"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "46061",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46061"
        },
        {
          "name": "cisco-ise-default-credentials(69945)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945"
        },
        {
          "name": "20110920 Cisco Identity Services Engine Database Default Credentials Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml"
        },
        {
          "name": "1026075",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026075"
        },
        {
          "name": "49703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49703"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2011-3290",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46061",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46061"
            },
            {
              "name": "cisco-ise-default-credentials(69945)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945"
            },
            {
              "name": "20110920 Cisco Identity Services Engine Database Default Credentials Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml"
            },
            {
              "name": "1026075",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026075"
            },
            {
              "name": "49703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49703"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2011-3290",
    "datePublished": "2011-09-21T16:00:00",
    "dateReserved": "2011-08-29T00:00:00",
    "dateUpdated": "2024-08-06T23:29:56.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5531
Vulnerability from cvelistv5
Published
2013-10-25 01:00
Modified
2024-09-16 17:58
Severity ?
Summary
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-isevendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-25T01:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131023 Multiple Vulnerabilities in Cisco Identity Services Engine",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5531",
    "datePublished": "2013-10-25T01:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T17:58:57.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4268
Vulnerability from cvelistv5
Published
2015-07-14 17:00
Modified
2024-08-06 06:11
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39873vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1032889vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.868Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150713 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39873"
          },
          {
            "name": "1032889",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-23T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150713 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39873"
        },
        {
          "name": "1032889",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032889"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4268",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150713 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39873"
            },
            {
              "name": "1032889",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032889"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4268",
    "datePublished": "2015-07-14T17:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3908
Vulnerability from cvelistv5
Published
2012-09-16 10:00
Modified
2024-08-06 20:21
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
References
http://secunia.com/advisories/50680third-party-advisory, x_refsource_SECUNIA
http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.htmlx_refsource_CONFIRM
http://www.securityfocus.com/bid/55602vdb-entry, x_refsource_BID
http://en.securitylab.ru/lab/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.028Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50680",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html"
          },
          {
            "name": "55602",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55602"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://en.securitylab.ru/lab/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-08-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-02-22T10:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "50680",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html"
        },
        {
          "name": "55602",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55602"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://en.securitylab.ru/lab/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-3908",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50680",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50680"
            },
            {
              "name": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html"
            },
            {
              "name": "55602",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55602"
            },
            {
              "name": "http://en.securitylab.ru/lab/",
              "refsource": "MISC",
              "url": "http://en.securitylab.ru/lab/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-3908",
    "datePublished": "2012-09-16T10:00:00",
    "dateReserved": "2012-07-10T00:00:00",
    "dateUpdated": "2024-08-06T20:21:04.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5521
Vulnerability from cvelistv5
Published
2013-10-25 01:00
Modified
2024-09-16 23:50
Severity ?
Summary
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131024 Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-25T01:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131024 Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131024 Cisco Identity Services Engine Guest User Account Exhaustion Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5521",
    "datePublished": "2013-10-25T01:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T23:50:40.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-5541
Vulnerability from cvelistv5
Published
2013-10-16 10:00
Modified
2024-09-16 22:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:15:20.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20131015 Cisco Identity Services Engine Upload Filename Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-16T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20131015 Cisco Identity Services Engine Upload Filename Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-5541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20131015 Cisco Identity Services Engine Upload Filename Validation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-5541",
    "datePublished": "2013-10-16T10:00:00Z",
    "dateReserved": "2013-08-22T00:00:00Z",
    "dateUpdated": "2024-09-16T22:09:16.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8015
Vulnerability from cvelistv5
Published
2014-12-22 19:00
Modified
2024-08-06 13:10
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1031423vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.065Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
          },
          {
            "name": "1031423",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031423"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor\u0027s guest account via a modified HTTP request, aka Bug ID CSCur64400."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
        },
        {
          "name": "1031423",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031423"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor\u0027s guest account via a modified HTTP request, aka Bug ID CSCur64400."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141222 Cisco Identity Services Engine Portal Privilege Elevation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
            },
            {
              "name": "1031423",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031423"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-8015",
    "datePublished": "2014-12-22T19:00:00",
    "dateReserved": "2014-10-08T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-9214
Vulnerability from cvelistv5
Published
2016-12-14 00:37
Modified
2024-08-06 02:42
Severity ?
Summary
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1x_refsource_CONFIRM
http://www.securityfocus.com/bid/94807vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1037417vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"
          },
          {
            "name": "94807",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94807"
          },
          {
            "name": "1037417",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037417"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Identity Services Engine (ISE)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Identity Services Engine (ISE)"
            }
          ]
        }
      ],
      "datePublic": "2016-12-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T21:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"
        },
        {
          "name": "94807",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94807"
        },
        {
          "name": "1037417",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037417"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-9214",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Identity Services Engine (ISE)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Identity Services Engine (ISE)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"
            },
            {
              "name": "94807",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94807"
            },
            {
              "name": "1037417",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037417"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-9214",
    "datePublished": "2016-12-14T00:37:00",
    "dateReserved": "2016-11-06T00:00:00",
    "dateUpdated": "2024-08-06T02:42:11.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-8022
Vulnerability from cvelistv5
Published
2015-01-15 22:00
Modified
2024-08-06 13:10
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/100664vdb-entry, x_refsource_XF
http://www.securitytracker.com/id/1031560vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022vendor-advisory, x_refsource_CISCO
https://tools.cisco.com/security/center/viewAlert.x?alertId=37045vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/72083vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-ises-cve20148022-xss(100664)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100664"
          },
          {
            "name": "1031560",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031560"
          },
          {
            "name": "20150115 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022"
          },
          {
            "name": "20150128 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37045"
          },
          {
            "name": "72083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72083"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-ises-cve20148022-xss(100664)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100664"
        },
        {
          "name": "1031560",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031560"
        },
        {
          "name": "20150115 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022"
        },
        {
          "name": "20150128 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37045"
        },
        {
          "name": "72083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72083"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8022",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-ises-cve20148022-xss(100664)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100664"
            },
            {
              "name": "1031560",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031560"
            },
            {
              "name": "20150115 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022"
            },
            {
              "name": "20150128 Cisco Identity Services Engine Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37045"
            },
            {
              "name": "72083",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72083"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-8022",
    "datePublished": "2015-01-15T22:00:00",
    "dateReserved": "2014-10-08T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-4266
Vulnerability from cvelistv5
Published
2015-07-16 19:00
Modified
2024-08-06 06:11
Severity ?
Summary
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39871vendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1032930vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:12.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871"
          },
          {
            "name": "1032930",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCut04556."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871"
        },
        {
          "name": "1032930",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4266",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCut04556."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150714 Cisco Identity Services Engine Cross-Frame Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871"
            },
            {
              "name": "1032930",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4266",
    "datePublished": "2015-07-16T19:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:12.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3413
Vulnerability from cvelistv5
Published
2013-07-04 10:00
Modified
2024-09-17 01:15
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413vendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:07:37.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130703 XSS bug in ISE Search form",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-04T10:00:00Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20130703 XSS bug in ISE Search form",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2013-3413",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130703 XSS bug in ISE Search form",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2013-3413",
    "datePublished": "2013-07-04T10:00:00Z",
    "dateReserved": "2013-05-06T00:00:00Z",
    "dateUpdated": "2024-09-17T01:15:33.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2013-07-04 14:33
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3nd de secuencias de comandos en sitios cruzados (XSS) en el cuadro de b\u00fasqueda en el panel administration/monitoring de Cisco Identity Services Engine (ISE) que permite a atacantes remotos inyectar c\u00f3digo script o HTML a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como CsCuh87036."
    }
  ],
  "id": "CVE-2013-3413",
  "lastModified": "2024-11-21T01:53:35.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-04T14:33:41.557",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3413"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-08-30 01:55
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en el portal de hu\u00e9spedes en Cisco Identity Services Engine (ISE) Software, permite a atacantes remotos inyectar secuencias de comandos web o HTML sin especificar a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como Bug ID CSCud11139 y CSCug02904."
    }
  ],
  "id": "CVE-2012-5744",
  "lastModified": "2024-11-21T01:45:10.450",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-30T01:55:08.437",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-5744"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-02-19 23:55
Modified
2024-11-21 01:48
Severity ?
Summary
The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125
Impacted products
Vendor Product Version
cisco application_networking_manager -
cisco context_directory_agent -
cisco identity_services_engine_software -
cisco network_services_manager -
cisco prime_collaboration -
cisco prime_lan_management_solution -
cisco prime_network_control_system -
cisco quad -
cisco secure_access_control_system -
cisco unified_provisioning_manager -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BC24E6-3295-4D09-AC77-F9B4DA0811BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:context_directory_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9167B80B-DBD4-4B26-9BBB-98C9F246ED91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE172B5-15D4-400D-BF3F-A2177C02331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D132E7DF-3B63-4A2A-AE65-C5F90CCF3878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7377B5F-AA6C-4042-BEB9-E7450059C99B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:quad:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75C3800-0ADB-4B41-B4B0-1B9C923ADEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A2EC7-4A03-4BB9-B787-6DD285E25056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C175AC04-44FB-4FC5-B8A6-046A50C9B75C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."
    },
    {
      "lang": "es",
      "value": "La interfaz en l\u00ednea de comandos en Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, y Network Services Manager no validan correctamente las entradas, lo que permite a usuarios locales obtener privilegios de root mediante vectores no especificados, tambi\u00e9n conocido como Bugs IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46023, CSCue46058, CSCue46013, CSCue46031, CSCue46035, and CSCue46042."
    }
  ],
  "id": "CVE-2013-1125",
  "lastModified": "2024-11-21T01:48:57.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-19T23:55:02.097",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1125"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-23 05:59
Modified
2024-11-21 02:34
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034767
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034767
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0.4.573
cisco identity_services_engine_software 1.0_base
cisco identity_services_engine_software 1.0_mr_base
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1_base
cisco identity_services_engine_software 1.2\(0.747\)
cisco identity_services_engine_software 1.2\(0.793\)
cisco identity_services_engine_software 1.2\(1.198\)
cisco identity_services_engine_software 1.2\(1.901\)
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.1
cisco identity_services_engine_software 1.2.1
cisco identity_services_engine_software 1.2_base
cisco identity_services_engine_software 1.3\(0.722\)
cisco identity_services_engine_software 1.3\(0.876\)
cisco identity_services_engine_software 1.3\(106.146\)
cisco identity_services_engine_software 1.3\(120.135\)
cisco identity_services_engine_software 1.4\(0.109\)
cisco identity_services_engine_software 1.4\(0.181\)
cisco identity_services_engine_software 1.4\(0.253\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*",
              "matchCriteriaId": "694B3E06-FAA9-4A60-97FE-C51518CE151F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE34CBD5-FF02-42C6-B4C3-D42FB6D30EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0_mr_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A70480-2229-410B-8291-8813A4AC417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "824AFCCC-537B-4CD1-873D-FC5ADB3E6625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "6C77ECD0-C872-410E-8525-4013CD9FEF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p3:*:*:*:*:*:*",
              "matchCriteriaId": "42EA25D7-2DF0-4811-8D29-7C65A36A117E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "57E38A8B-A717-4795-BAFC-EC04781136D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "4CA142CA-C90A-4CCC-897C-F5FF6B6AB576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p6:*:*:*:*:*:*",
              "matchCriteriaId": "1D149B6E-44EC-41B2-A23D-E670B865AC08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "66F0F676-226D-4509-AADE-DD86844B098C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "58014103-898F-437B-BA76-3C6F0D0709DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A2EFF6FC-7058-4CFE-966B-DF124AD2286F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "27009B65-3EFB-4038-8310-60FB0968C141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2F4EC156-55BA-4C1C-ACA3-724F797B76C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "DD74ABF5-E38E-4363-ABF5-2C76FBB9FB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "A86B70C2-838D-4E52-9CD3-3227D6450498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p8:*:*:*:*:*:*",
              "matchCriteriaId": "9E7DBDEB-BDD1-46E7-BF4B-946B11071056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6FC656C0-629E-40E8-90A5-2D84BEA327C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BC84D3B3-36E2-4F5C-85B2-6419088C324A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "2ECF4497-24DA-43BB-9723-5D34C2B3CB67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A8C8EB11-E866-4275-9D81-77BF8F746297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6252AF57-B742-4B9C-8F41-CB6A0507E3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2016B837-F984-4FED-991C-836E1C6A84E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "B1547F7E-9B6D-4643-81D0-B8CF3913FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D16606E3-0181-44E1-8599-865C09BEE7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "27DFF577-674F-4ECB-AD4F-67CBA44C99A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4C825BD3-EDA2-425E-8996-5E26A29CECF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "83AC276E-0B3F-4837-9918-6066FF78BFEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6CB114A4-B46B-434F-BDCB-264837BFB246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "D303E482-A46D-444E-9220-EF6E088E8F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "49DAEA26-7440-4FF0-8F6B-10ECBB303A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D89B1F19-794B-458B-84C0-623D8A3EDA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A2054E-0ACD-47AC-9FA6-DE3289B4C6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.793\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02270440-39DC-4105-B54F-25CF15507461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.198\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E4448DC8-E3DE-4D1D-870A-F399B2CAAD7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p14:*:*:*:*:*:*",
              "matchCriteriaId": "254C0C70-12D9-4F43-8EDA-24B66D4127DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "663B6931-F31C-4BF1-8A6F-8CE066AA9B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8895CC4C-405A-4A6E-8D22-F70AA5A12888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DA0F0-DF8E-4B0A-B184-C57A4F706D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.722\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "75C5C1DD-658E-4376-9E05-997297E49C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(106.146\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "00932EDA-FF42-4422-893B-654DD3460230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(120.135\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DA183646-B28E-4565-A0C2-C8B1591F0569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C56C16D1-F75E-49A7-850C-0A7E4CE25CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.181\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC32610B-2D09-4F85-A2A1-775E6A778A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.253\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D2621F2E-B212-40C6-9C17-90E49F75FAE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE) en versiones anteriores a 2.0 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso de recurso-web a trav\u00e9s de una petici\u00f3n directa, tambi\u00e9n conocido como Bug ID CSCuu45926."
    }
  ],
  "id": "CVE-2015-6317",
  "lastModified": "2024-11-21T02:34:46.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-23T05:59:00.113",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1034767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034767"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-06-24 10:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39501Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/75379Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032713Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032714Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39501Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75379Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032713Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032714Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0.4.573
cisco secure_access_control_system *
cisco secure_access_control_system 5.3.0.40.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*",
              "matchCriteriaId": "694B3E06-FAA9-4A60-97FE-C51518CE151F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "275268AE-C53E-4062-B861-2286ADED6C91",
              "versionEndIncluding": "5.4.0.46.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D170305-A11C-423F-BECD-5AAF1557D3AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331."
    },
    {
      "lang": "es",
      "value": "Cisco Secure Access Control System anterior a 5.4(0.46.2) y 5.5 anterior a 5.5(0.46) y Cisco Identity Services Engine 1.0(4.573) no implementan correctamente el control de acceso para paquetes de soporte, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de intentos de fuerza bruta de enviar credenciales v\u00e1lidas, tambi\u00e9n conocido como Bug IDs CSCue00833 y CSCub40331."
    }
  ],
  "id": "CVE-2015-4219",
  "lastModified": "2024-11-21T02:30:39.487",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-24T10:59:12.807",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39501"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75379"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032713"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032714"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-16 10:52
Modified
2024-11-21 01:57
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506."
    },
    {
      "lang": "es",
      "value": "El Sponsor Portal en Cisco Identity Services Engine (ISE) usa permisos d\u00e9biles para subir archivos, lo que permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de peticiones directas, tambi\u00e9n conocido como Bug ID CSCui67506."
    }
  ],
  "id": "CVE-2013-5538",
  "lastModified": "2024-11-21T01:57:39.823",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-16T10:52:45.340",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5538"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-22 10:59
Modified
2024-11-21 02:46
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-iseVendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/92518
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036647
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92518
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036647
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.3\(0.876\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Cisco Identity Services Engine 1.3(0.876) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros manipulados, tambi\u00e9n conocido como Bug ID CSCva46497."
    }
  ],
  "id": "CVE-2016-1485",
  "lastModified": "2024-11-21T02:46:31.813",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-22T10:59:04.480",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/92518"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92518"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036647"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-07-16 19:59
Modified
2024-11-21 02:30
Severity ?
Summary
The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39871Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032930
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39871Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032930
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.1\(4.1\)
cisco identity_services_engine_software 1.3\(106.146\)
cisco identity_services_engine_software 1.3\(120.135\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1\\(4.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1582C1-CBB5-4041-969C-7896DE00B31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(106.146\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "00932EDA-FF42-4422-893B-654DD3460230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(120.135\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DA183646-B28E-4565-A0C2-C8B1591F0569",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCut04556."
    },
    {
      "lang": "es",
      "value": "La interfaz web en Cisco Identity Services Engine (ISE) 1.1 (4.1), 1.3 (106.146) y 1.3 (120.135) no restringe correctamente el uso de elementos IFRAME, lo que facilita a atacantes remotos llevar a cabo ataques de clickjacking y otros ataques no especificados a trav\u00e9s de una p\u00e1gina web manipulada, relacionados con una cuesti\u00f3n de \u0027cross-frame scripting (XFS)\u0027, tambi\u00e9n conocido como Bug ID CSCut04556."
    }
  ],
  "id": "CVE-2015-4266",
  "lastModified": "2024-11-21T02:30:44.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-16T19:59:00.083",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1032930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032930"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-17 03:29
Modified
2024-11-21 03:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/104196Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1040925Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104196Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040925Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.3\(0.298\)
cisco identity_services_engine_software 2.4\(0.223\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.3\\(0.298\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC967491-4B83-40BD-9E91-1AE1BDA77B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.223\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "65C6B934-8BB8-4970-9F47-50982F9695C3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el componente logs en Cisco Identity Services Engine podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS). La vulnerabilidad se debe a la validaci\u00f3n incorrecta de peticiones almacenadas en la interfaz de gesti\u00f3n de aplicaciones. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones maliciosas al sistema objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante lleve a cabo ataques de Cross-Site Scripting (XSS) cuando un administrador visualiza los archivos de registro. Cisco Bug IDs: CSCvh11308."
    }
  ],
  "id": "CVE-2018-0289",
  "lastModified": "2024-11-21T03:37:54.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-17T03:29:00.573",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104196"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040925"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040925"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-16 19:15
Modified
2024-11-21 04:28
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC9CF6C-838C-4C7F-8944-4F0736875207",
              "versionEndExcluding": "2.4\\(0.357\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "530BF3D8-E256-4ADB-B0CB-6970885D65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B2FC1F25-BFCE-4EDF-A663-F9A3DB2CBB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch2:*:*:*:*:*:*",
              "matchCriteriaId": "22165A20-D544-4C98-9A6A-5FC0E635668B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0059B8B5-5168-4A16-93EA-C959AADF6929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch4:*:*:*:*:*:*",
              "matchCriteriaId": "094F2C84-FF31-4C16-928B-8B55057125F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch5:*:*:*:*:*:*",
              "matchCriteriaId": "573A629A-0747-4146-955A-AE3198A33103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch6:*:*:*:*:*:*",
              "matchCriteriaId": "A2AA30CC-A4D1-477D-9AD5-BFD2C1A91C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch7:*:*:*:*:*:*",
              "matchCriteriaId": "E4EF10D4-BA24-46F8-9FFD-95DDFBFEB919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch8:*:*:*:*:*:*",
              "matchCriteriaId": "71BBA48D-FCDC-4096-AF12-981F17E28815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch9:*:*:*:*:*:*",
              "matchCriteriaId": "26F5B643-6971-40D7-BF81-81CC3FE6A16D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Identity Services Engine (ISE) Software, podr\u00eda permitir a un atacante remoto autenticado conducir un ataque de tipo cross-site scripting (XSS) almacenado contra un usuario de la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. El atacante debe tener credenciales de administrador v\u00e1lidas. La vulnerabilidad es debido a una comprobaci\u00f3n insuficiente de la entrada suministrada por el usuario mediante la interfaz de administraci\u00f3n basada en web del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al inyectar c\u00f3digo malicioso en un archivo de soluci\u00f3n de problemas. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en navegador."
    }
  ],
  "id": "CVE-2019-15281",
  "lastModified": "2024-11-21T04:28:22.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-16T19:15:15.347",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-01-15 03:59
Modified
2024-11-21 02:34
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-iseVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1034666
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034666
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.1_base
cisco identity_services_engine_software 1.2\(0.747\)
cisco identity_services_engine_software 1.2\(0.793\)
cisco identity_services_engine_software 1.2\(1.198\)
cisco identity_services_engine_software 1.2\(1.901\)
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.1
cisco identity_services_engine_software 1.2.1
cisco identity_services_engine_software 1.2.1
cisco identity_services_engine_software 1.2_base
cisco identity_services_engine_software 1.3\(0.722\)
cisco identity_services_engine_software 1.3\(0.876\)
cisco identity_services_engine_software 1.3\(106.146\)
cisco identity_services_engine_software 1.3\(120.135\)
cisco identity_services_engine_software 1.4\(0.109\)
cisco identity_services_engine_software 1.4\(0.181\)
cisco identity_services_engine_software 1.4\(0.253\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "824AFCCC-537B-4CD1-873D-FC5ADB3E6625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "6C77ECD0-C872-410E-8525-4013CD9FEF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p3:*:*:*:*:*:*",
              "matchCriteriaId": "42EA25D7-2DF0-4811-8D29-7C65A36A117E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p4:*:*:*:*:*:*",
              "matchCriteriaId": "57E38A8B-A717-4795-BAFC-EC04781136D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p5:*:*:*:*:*:*",
              "matchCriteriaId": "4CA142CA-C90A-4CCC-897C-F5FF6B6AB576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:p6:*:*:*:*:*:*",
              "matchCriteriaId": "1D149B6E-44EC-41B2-A23D-E670B865AC08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA5CBE3-DBA6-4A3E-A07A-250C0C7155EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p1:*:*:*:*:*:*",
              "matchCriteriaId": "66F0F676-226D-4509-AADE-DD86844B098C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p2:*:*:*:*:*:*",
              "matchCriteriaId": "58014103-898F-437B-BA76-3C6F0D0709DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A2EFF6FC-7058-4CFE-966B-DF124AD2286F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p4:*:*:*:*:*:*",
              "matchCriteriaId": "27009B65-3EFB-4038-8310-60FB0968C141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2F4EC156-55BA-4C1C-ACA3-724F797B76C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p6:*:*:*:*:*:*",
              "matchCriteriaId": "DD74ABF5-E38E-4363-ABF5-2C76FBB9FB5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p7:*:*:*:*:*:*",
              "matchCriteriaId": "A86B70C2-838D-4E52-9CD3-3227D6450498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p8:*:*:*:*:*:*",
              "matchCriteriaId": "9E7DBDEB-BDD1-46E7-BF4B-946B11071056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:p9:*:*:*:*:*:*",
              "matchCriteriaId": "6FC656C0-629E-40E8-90A5-2D84BEA327C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AD33E0-8946-4AEE-BA17-F5C270EF2320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BC84D3B3-36E2-4F5C-85B2-6419088C324A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p2:*:*:*:*:*:*",
              "matchCriteriaId": "2ECF4497-24DA-43BB-9723-5D34C2B3CB67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p3:*:*:*:*:*:*",
              "matchCriteriaId": "A8C8EB11-E866-4275-9D81-77BF8F746297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6252AF57-B742-4B9C-8F41-CB6A0507E3CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p5:*:*:*:*:*:*",
              "matchCriteriaId": "2016B837-F984-4FED-991C-836E1C6A84E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p6:*:*:*:*:*:*",
              "matchCriteriaId": "B1547F7E-9B6D-4643-81D0-B8CF3913FA0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D16606E3-0181-44E1-8599-865C09BEE7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F6C359-EA1F-4194-8561-6B9E0B44A0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "27DFF577-674F-4ECB-AD4F-67CBA44C99A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4C825BD3-EDA2-425E-8996-5E26A29CECF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "83AC276E-0B3F-4837-9918-6066FF78BFEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6CB114A4-B46B-434F-BDCB-264837BFB246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "D303E482-A46D-444E-9220-EF6E088E8F90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "49DAEA26-7440-4FF0-8F6B-10ECBB303A8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D89B1F19-794B-458B-84C0-623D8A3EDA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A2054E-0ACD-47AC-9FA6-DE3289B4C6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.793\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02270440-39DC-4105-B54F-25CF15507461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.198\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E4448DC8-E3DE-4D1D-870A-F399B2CAAD7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p14:*:*:*:*:*:*",
              "matchCriteriaId": "254C0C70-12D9-4F43-8EDA-24B66D4127DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "440F2892-7695-4ADA-8E4E-94FEF4CF92CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "663B6931-F31C-4BF1-8A6F-8CE066AA9B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "8895CC4C-405A-4A6E-8D22-F70AA5A12888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47DA0F0-DF8E-4B0A-B184-C57A4F706D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.722\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "75C5C1DD-658E-4376-9E05-997297E49C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(106.146\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "00932EDA-FF42-4422-893B-654DD3460230",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(120.135\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DA183646-B28E-4565-A0C2-C8B1591F0569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.109\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C56C16D1-F75E-49A7-850C-0A7E4CE25CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.181\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC32610B-2D09-4F85-A2A1-775E6A778A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.253\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D2621F2E-B212-40C6-9C17-90E49F75FAE0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrative access via unspecified vectors, aka Bug ID CSCuw34253."
    },
    {
      "lang": "es",
      "value": "El portal Admin en Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 en versiones anteriores a patch 17, 1.2.1 en versiones anteriores al patch 8, 1.3 en versiones anteriores al patch 5 y 1.4 en versiones anteriores al patch 4 permite a atacantes remotos obtener acceso administrativo a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuw34253."
    }
  ],
  "id": "CVE-2015-6323",
  "lastModified": "2024-11-21T02:34:47.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-01-15T03:59:06.950",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1034666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034666"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-09-21 16:55
Modified
2024-11-21 01:30
Severity ?
Summary
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
References
ykramarz@cisco.comhttp://secunia.com/advisories/46061
ykramarz@cisco.comhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtmlVendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/49703
ykramarz@cisco.comhttp://www.securitytracker.com/id?1026075
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/69945
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46061
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49703
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026075
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/69945
Impacted products
Vendor Product Version
cisco identity_services_engine *
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.0mr


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D21EAA4D-BC75-4FBF-8F84-33A8152D9E35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCFC65B-8F72-4C75-9721-54B75889CC07",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*",
              "matchCriteriaId": "029478F4-EB13-4DF7-A93A-16A0D7ED8AEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE), antes de la versi\u00f3n v1.0.4.MR2 usa las credenciales de base de datos Oracle por defecto, lo que permite a atacantes remotos modificar la configuraci\u00f3n o realizar otras acciones administrativas no especificadas a trav\u00e9s de vectores desconocidos. Problema tambi\u00e9n conocido como Bug ID CSCts59135."
    }
  ],
  "id": "CVE-2011-3290",
  "lastModified": "2024-11-21T01:30:12.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-09-21T16:55:04.147",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/46061"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/49703"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id?1026075"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b95105.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69945"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 00:25
Modified
2024-11-21 02:07
Severity ?
Summary
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=34328Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/67555
ykramarz@cisco.comhttp://www.securitytracker.com/id/1030273
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=34328Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67555
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030273
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el Framework web en Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) y anteriores permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de una URL manipulada, tambi\u00e9n conocido como Bug ID CSCul21337."
    }
  ],
  "id": "CVE-2014-3275",
  "lastModified": "2024-11-21T02:07:46.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T00:25:31.440",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/67555"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1030273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67555"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030273"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-05-29 15:59
Modified
2024-11-21 02:23
Severity ?
Summary
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39042Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/74864
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032420Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39042Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74864
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032420Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.2\(1.901\)
cisco identity_services_engine_software 1.3\(0.722\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.722\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "75C5C1DD-658E-4376-9E05-997297E49C4C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140."
    },
    {
      "lang": "es",
      "value": "El Framework web en Cisco Identity Services Engine (ISE) 1.2(1.901) y 1.3(0.722) no implementa correctamente los manejadores de sesiones, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de p\u00e1ginas web, tal y como fue demostrado por informes MnT, tambi\u00e9n conocido como Bug ID CSCuq23140."
    }
  ],
  "id": "CVE-2015-0757",
  "lastModified": "2024-11-21T02:23:39.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-29T15:59:11.170",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/74864"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74864"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032420"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-15 16:11
Modified
2024-11-21 02:02
Severity ?
Summary
The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904.
References
ykramarz@cisco.comhttp://osvdb.org/102118
ykramarz@cisco.comhttp://secunia.com/advisories/56439
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=32448Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/64939Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029624Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90463
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102118
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56439
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=32448Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64939Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029624Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90463
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RBAC implementation in Cisco Identity Services Engine (ISE) Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCul83904."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de RBAC en Cisco Identity Services Engine (ISE) de software no comprueba correctamente los privilegios para las descargas de soporte-bundle, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de una acci\u00f3n de descarga, como se ha demostrado mediante la obtenci\u00f3n de acceso de lectura a la base de datos de usuario, tambi\u00e9n conocido como Bug ID CSCul83904."
    }
  ],
  "id": "CVE-2014-0665",
  "lastModified": "2024-11-21T02:02:37.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-15T16:11:08.457",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/102118"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/56439"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/64939"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029624"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/64939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90463"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-16 10:52
Modified
2024-11-21 01:57
Severity ?
Summary
The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The upload-dialog implementation in Cisco Identity Services Engine (ISE) allows remote authenticated users to upload files with an arbitrary file type, and consequently conduct attacks against unspecified other systems, via a crafted file, aka Bug ID CSCui67511."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de upload-dialog en Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados subir archivos con un tipo de archivo arbitrario, y consecuentemente conducir ataques contra otros sistemas no especificados, a trav\u00e9s de un archivo manipulado, tambien conocido como Bug ID CSCui67511."
    }
  ],
  "id": "CVE-2013-5539",
  "lastModified": "2024-11-21T01:57:39.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-16T10:52:45.387",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5539"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-10 10:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
References
ykramarz@cisco.comhttp://osvdb.org/98166
ykramarz@cisco.comhttp://secunia.com/advisories/55067
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=31159Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/62870Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029155Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87722
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/98166
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55067
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=31159Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62870Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029155Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87722
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n XSS en la p\u00e1gina de soluci\u00f3n de problemas en Cisco Identity Services Engine (ISE) 1.2 y anteriores permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de par\u00e1metros sin especificar, tambi\u00e9n conocido como Bug ID CSCug77655."
    }
  ],
  "id": "CVE-2013-5524",
  "lastModified": "2024-11-21T01:57:38.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-10T10:55:06.617",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/98166"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/55067"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62870"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029155"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/98166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87722"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-12-14 00:59
Modified
2024-11-21 03:00
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130).
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/94807Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1037417Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/94807Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037417Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.0\(1.130\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.0\\(1.130\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E0BC23B4-C525-47D3-AB5A-1DAF76F68ACD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvb86332 CSCvb86760. Known Affected Releases: 2.0(101.130)."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE) contiene una vulnerabilidad que podr\u00eda permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra el usuario de la interfaz web del sistema afectado. M\u00e1s Informaci\u00f3n: CSCvb86332 CSCvb86760. Lanzamientos Afectados Conocidos: 2.0(101.130)."
    }
  ],
  "id": "CVE-2016-9214",
  "lastModified": "2024-11-21T03:00:48.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-14T00:59:35.443",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94807"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037417"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise1"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-08-29 12:07
Modified
2024-11-21 01:53
Severity ?
Summary
The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=30524Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1028965Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=30524Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1028965Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an HTML document, aka Bug ID CSCug02515."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n de portal cautivo en Cisco Identity Services Engine (ISE) permite a atacantes remotos descubrir los nombres de usuario y contrase\u00f1as en texto plano mediante el aprovechamiento no especificado del uso de campos ocultos en un formulario en un documento HTML, tambi\u00e9n conocido como Bug ID CSCug02515."
    }
  ],
  "id": "CVE-2013-3471",
  "lastModified": "2024-11-21T01:53:41.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-08-29T12:07:54.037",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1028965"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-16 19:15
Modified
2024-11-21 04:28
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodisVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodisVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)
cisco identity_services_engine_software 2.4\(0.357\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC9CF6C-838C-4C7F-8944-4F0736875207",
              "versionEndExcluding": "2.4\\(0.357\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):-:*:*:*:*:*:*",
              "matchCriteriaId": "530BF3D8-E256-4ADB-B0CB-6970885D65AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B2FC1F25-BFCE-4EDF-A663-F9A3DB2CBB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch2:*:*:*:*:*:*",
              "matchCriteriaId": "22165A20-D544-4C98-9A6A-5FC0E635668B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch3:*:*:*:*:*:*",
              "matchCriteriaId": "0059B8B5-5168-4A16-93EA-C959AADF6929",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch4:*:*:*:*:*:*",
              "matchCriteriaId": "094F2C84-FF31-4C16-928B-8B55057125F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch5:*:*:*:*:*:*",
              "matchCriteriaId": "573A629A-0747-4146-955A-AE3198A33103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch6:*:*:*:*:*:*",
              "matchCriteriaId": "A2AA30CC-A4D1-477D-9AD5-BFD2C1A91C02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch7:*:*:*:*:*:*",
              "matchCriteriaId": "E4EF10D4-BA24-46F8-9FFD-95DDFBFEB919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch8:*:*:*:*:*:*",
              "matchCriteriaId": "71BBA48D-FCDC-4096-AF12-981F17E28815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):patch9:*:*:*:*:*:*",
              "matchCriteriaId": "26F5B643-6971-40D7-BF81-81CC3FE6A16D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker read tcpdump files generated on an affected device. The vulnerability is due an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to read a tcpdump file generated with a particular naming scheme."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Identity Services Engine (ISE) Software, podr\u00eda permitir a un atacante remoto no autenticado leer archivos tcpdump generados en un dispositivo afectado. La vulnerabilidad es debido a un problema en la l\u00f3gica de autenticaci\u00f3n de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n dise\u00f1ada hacia la interfaz web. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante leer un archivo tcpdump generado con un esquema de nomenclatura particular."
    }
  ],
  "id": "CVE-2019-15282",
  "lastModified": "2024-11-21T04:28:22.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-16T19:15:15.583",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191016-ise-infodis"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:38
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/104424Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1041066Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104424Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041066Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.3\(0.298\)
cisco identity_services_engine_software 2.4\(0.126\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.3\\(0.298\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC967491-4B83-40BD-9E91-1AE1BDA77B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.126\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DE48D448-68BE-4F3C-9FC9-E1D47D3E7A7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvf72309."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de algunos par\u00e1metros que se pasan a la interfaz web de gesti\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de la interfaz para que haga clic en un enlace espec\u00edfico. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o que pueda acceder a informaci\u00f3n sensible del navegador. Cisco Bug IDs: CSCvf72309."
    }
  ],
  "id": "CVE-2018-0339",
  "lastModified": "2024-11-21T03:38:00.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T21:29:00.667",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104424"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041066"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ise-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-26 00:25
Modified
2024-11-21 02:07
Severity ?
Summary
Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=34329Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1030274Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=34329Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030274Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does not properly handle deadlock conditions during reception of crafted RADIUS accounting packets from multiple NAS devices, which allows remote authenticated users to cause a denial of service (RADIUS outage) by sourcing these packets from two origins, aka Bug ID CSCuo56780."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) y anteriores no maneja debidamente condiciones de bloqueo durante la recepci\u00f3n de paquetes de contabilidad RADIUS manipulados de m\u00faltiples dispositivos NAS, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (RADIUS outage) mediante la obtenci\u00f3n de estos paquetes de dos origines, tambi\u00e9n conocido como Bug ID CSCuo56780."
    }
  ],
  "id": "CVE-2014-3276",
  "lastModified": "2024-11-21T02:07:46.573",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-05-26T00:25:31.470",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1030274"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 17:09
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.
References
ykramarz@cisco.comhttp://osvdb.org/97877
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=31007Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/62694Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029110Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87531
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/97877
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=31007Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62694Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029110Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87531
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en el portal Mobile Device Management (MDM) en Cisco Identity Services Engine (ISE) permite a atacantes remotos inyectar secuencias de \ncomandos web o HTML arbitrarias a trav\u00e9s de un par\u00e1metro no especificado, aka Bug ID CSCui30266."
    }
  ],
  "id": "CVE-2013-5504",
  "lastModified": "2024-11-21T01:57:36.137",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-30T17:09:25.457",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/97877"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62694"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029110"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5504"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87531"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-17 03:29
Modified
2024-11-21 03:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/104194Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1040926Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104194Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040926Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.1\(0.905\)
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.1\\(0.905\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE43C89-BB59-4751-B117-5F9F54ABEBE9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user\u0027s browser in the context of an affected site. Cisco Bug IDs: CSCvg86743."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el c\u00f3digo framework de red de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Scripting (XSS) contra un usuario de dicha interfaz en el sistema afectado. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de ciertos par\u00e1metros que se pasan al software afectado mediante los m\u00e9todos HTTP GET y POST. Un atacante que pueda convencer a un usuario para que siga un enlace proporcionado por el atacante podr\u00eda ejecutar c\u00f3digo de script o HTML en el navegador del usuario en el contexto de un sitio afectado. Cisco Bug IDs: CSCvg86743."
    }
  ],
  "id": "CVE-2018-0327",
  "lastModified": "2024-11-21T03:37:59.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-17T03:29:00.903",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104194"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040926"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040926"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-07-15 18:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39872Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032929Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39872Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032929Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.2\(0.793\)
cisco identity_services_engine_software 1.3\(0.876\)
cisco identity_services_engine_software 1.4\(0.181\)
cisco identity_services_engine_software 1.4\(0.876\)
cisco identity_services_engine_software 2.0\(0.147\)
cisco identity_services_engine_software 2.0\(0.169\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.793\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02270440-39DC-4105-B54F-25CF15507461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.181\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC32610B-2D09-4F85-A2A1-775E6A778A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2B02FE98-8F56-4B41-8E4A-1604CF796791",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.0\\(0.147\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B786B1C6-9772-4210-925F-A0381E6A01F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.0\\(0.169\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "74F92467-49F9-4727-8471-DA3F398F9BF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus09940."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad CSRF en el Framework Web en Cisco Identity Services Engine (ISE) 1.2 (0.793), 1.3 (0.876), 1.4 (0.109), 2.0 (0.147), y 2.0 (0.169) que permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como Bug ID CSCus09940."
    }
  ],
  "id": "CVE-2015-4267",
  "lastModified": "2024-11-21T02:30:44.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-15T18:59:00.083",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39872"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032929"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-25 03:52
Modified
2024-11-21 01:57
Severity ?
Summary
The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iseVendor Advisory
ykramarz@cisco.comhttp://www.kb.cert.org/vuls/id/952422Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/952422Third Party Advisory, US Government Resource
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine_software 1.1.2
cisco identity_services_engine_software 1.1.3
cisco identity_services_engine_software 1.1.4
cisco identity_services_engine_software 1.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA5CBE3-DBA6-4A3E-A07A-250C0C7155EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AD33E0-8946-4AEE-BA17-F5C270EF2320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F6C359-EA1F-4194-8561-6B9E0B44A0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F2D8379-16E9-4CB7-85B6-66BF98E23E52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web framework in Cisco Identity Services Engine (ISE) 1.0 and 1.1.0 before 1.1.0.665-5, 1.1.1 before 1.1.1.268-7, 1.1.2 before 1.1.2.145-10, 1.1.3 before 1.1.3.124-7, 1.1.4 before 1.1.4.218-7, and 1.2 before 1.2.0.899-2 allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443, aka Bug ID CSCuh81511."
    },
    {
      "lang": "es",
      "value": "El framework web de Cisco Identitiy Services Engine (ISE) 1.0 y 1.1.0 antes 1.1.0.665-5, antes 1.1.1.268-7 1.1.1, 1.1.2 antes 1.1.2.145-10, 1.1.3 antes 1.1.3.124 -7, antes 1.1.4.218-7 1.1.4 y 1.2 antes 1.2.0.899-2 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una sesi\u00f3n manipulada en el puerto TCP 443, tambi\u00e9n conocido como Bug ID CSCuh81511."
    }
  ],
  "id": "CVE-2013-5530",
  "lastModified": "2024-11-21T01:57:38.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-25T03:52:54.987",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/952422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/952422"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-22 19:59
Modified
2024-11-21 02:18
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1031423
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031423
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor\u0027s guest account via a modified HTTP request, aka Bug ID CSCur64400."
    },
    {
      "lang": "es",
      "value": "El portal de patrocinio en Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados obtener acceso a una cuenta de invitado de los patrocinadores a trav\u00e9s de una petici\u00f3n manipulada HTTP. Tambi\u00e9n conocido como Bug ID CSCur64400."
    }
  ],
  "id": "CVE-2014-8015",
  "lastModified": "2024-11-21T02:18:25.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-22T19:59:00.053",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1031423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031423"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-16 10:52
Modified
2024-11-21 01:57
Severity ?
Summary
The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The file-upload feature in Cisco Identity Services Engine (ISE) allows remote authenticated users to cause a denial of service (disk consumption and administration-interface outage) by uploading many files, aka Bug ID CSCui67519."
    },
    {
      "lang": "es",
      "value": "La caracteristica file-upload en Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (consumo de disco y corte del interface de administraci\u00f3n) subiendo muchos archivos, tambien conocido como Bug ID CSCui67519."
    }
  ],
  "id": "CVE-2013-5540",
  "lastModified": "2024-11-21T01:57:40.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-16T10:52:45.417",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5540"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-02-22 02:59
Modified
2024-11-21 03:26
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908).
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/96249
ykramarz@cisco.comhttp://www.securitytracker.com/id/1037841
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96249
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037841
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-iseVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.4\(0.908\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.908\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "77F3CABE-0428-4B78-8B69-E145451E7FFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el portal patrocinador de Cisco Identity Services Engine (ISE) podr\u00eda permitir a un atacante remoto no autenticado acceder a avisos de otros usuarios debido a inyecci\u00f3n de SQL. M\u00e1s Informaci\u00f3n: CSCvb15627. Lanzamientos Afectados Conocidos: 1.4(0.908)."
    }
  ],
  "id": "CVE-2017-3835",
  "lastModified": "2024-11-21T03:26:12.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-22T02:59:00.387",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/96249"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1037841"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-12-22 19:59
Modified
2024-11-21 02:18
Severity ?
Summary
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/71767
ykramarz@cisco.comhttp://www.securitytracker.com/id/1031425
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71767
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031425
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de copias de seguridad peri\u00f3dicas de Cisco Identity Services Engine (ISE) permite a atacantes remotos descubrir contrase\u00f1as cifradas de copias de seguridad a trav\u00e9s de una petici\u00f3n manipulada que desencadena la inclusi\u00f3n de una contrase\u00f1a en la respuesta. Tambi\u00e9n conocido como Bug ID CSCur41673"
    }
  ],
  "id": "CVE-2014-8017",
  "lastModified": "2024-11-21T02:18:26.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-22T19:59:01.287",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/71767"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1031425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031425"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-25 03:52
Modified
2024-11-21 01:57
Severity ?
Summary
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine no restringe adecuadamente la creaci\u00f3n de cuentas de invitado, lo cual permite a atacantes remotos causar denegaci\u00f3n de servicio (agotamiento de cuentas) a trav\u00e9s de una serie de peticiones en una sesi\u00f3n, aka Bug ID CSCue94287."
    }
  ],
  "id": "CVE-2013-5521",
  "lastModified": "2024-11-21T01:57:37.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-25T03:52:54.953",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5521"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-15 20:29
Modified
2024-11-21 03:50
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/106513Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106513Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.4\(0.357\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A8BDB6-C84A-4831-89C8-82F9CF639127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some parameters passed to the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de dicha interfaz. La vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente de algunos par\u00e1metros que se pasan a la interfaz web de gesti\u00f3n de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de la interfaz para que haga clic en un enlace espec\u00edfico. Un exploit con \u00e9xito podr\u00eda permitir que el atacante ejecute c\u00f3digo script arbitrario en el contexto de la interfaz web de gesti\u00f3n afectada o que acceda a informaci\u00f3n sensible del navegador."
    }
  ],
  "id": "CVE-2018-15463",
  "lastModified": "2024-11-21T03:50:51.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-15T20:29:00.287",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106513"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-09-30 17:09
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275.
References
ykramarz@cisco.comhttp://osvdb.org/97875
ykramarz@cisco.comhttp://secunia.com/advisories/54626Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=31008Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/62693
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029111
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87530
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/97875
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54626Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=31008Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62693
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029111
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87530
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad cross-site scripting (XSS) en una p\u00e1gina de administraci\u00f3n de Cisco Identity Services Engine (ISE) permite a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro no especificado, tambi\u00e9n conocido como Bug ID CSCui30275."
    }
  ],
  "id": "CVE-2013-5505",
  "lastModified": "2024-11-21T01:57:36.257",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-09-30T17:09:25.473",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/97875"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54626"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/62693"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1029111"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/54626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5505"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/62693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87530"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-10 10:55
Modified
2024-11-21 01:57
Severity ?
Summary
The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCui82666.
References
ykramarz@cisco.comhttp://osvdb.org/98168
ykramarz@cisco.comhttp://secunia.com/advisories/55207
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=31161Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/62869Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029157Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87724
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/98168
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55207
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=31161Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/62869Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029157Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87724
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCui82666."
    },
    {
      "lang": "es",
      "value": "El Sponsor Portal in Cisco Identity Services Engine (ISE) y anteriores versiones no restringe adecuadamente el uso de elementos IFRAME, lo que hace m\u00e1s sencillo para atacantes remotos llevar a cabo ataques de clickjacking y otros sin especificar a trav\u00e9s de un sitio web manipulado, relacionado con el fallo \"cross-frame scripting (XFS)\", tambi\u00e9n conocido como Bug ID CSCui82666."
    }
  ],
  "id": "CVE-2013-5523",
  "lastModified": "2024-11-21T01:57:38.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-10T10:55:06.583",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/98168"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/55207"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62869"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029157"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/98168"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/62869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87724"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-16 10:34
Modified
2024-11-21 01:41
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
References
ykramarz@cisco.comhttp://en.securitylab.ru/lab/
ykramarz@cisco.comhttp://secunia.com/advisories/50680
ykramarz@cisco.comhttp://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.htmlVendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/55602
af854a3a-2127-422b-91ae-364da2661108http://en.securitylab.ru/lab/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50680
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55602
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.0.4
cisco identity_services_engine_software 1.0mr
cisco identity_services_engine_software 1.1
cisco identity_services_engine_software 1.1.1
cisco identity_services_engine 3300


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "150FE976-C88B-4C91-81AF-7D2FBAE92209",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0mr:*:*:*:*:*:*:*",
              "matchCriteriaId": "029478F4-EB13-4DF7-A93A-16A0D7ED8AEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FCEF17-0223-44B8-947E-9CC733ED28DC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:3300:*:*:*:*:*:*:*",
              "matchCriteriaId": "D73A5C88-E693-49CA-B7BB-0A44DEF6AE55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el interfase de usuario en ISE Administrador (tambi\u00e9n conocido como interfase Apache Tomcat) en los \"appliances\" Cisco Identity Services Engine (ISE) serie 3300 anteriores a 1.1.0.665 Cumulative Patch 1, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, tambi\u00e9n conocido como Bug \u00c7ID CSCty46684.\r\n"
    }
  ],
  "id": "CVE-2012-3908",
  "lastModified": "2024-11-21T01:41:48.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-16T10:34:51.207",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://en.securitylab.ru/lab/"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/50680"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/55602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://en.securitylab.ru/lab/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55602"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-01-15 22:59
Modified
2024-11-21 02:18
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/72083
ykramarz@cisco.comhttp://www.securitytracker.com/id/1031560
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/100664
ykramarz@cisco.comhttps://tools.cisco.com/security/center/viewAlert.x?alertId=37045
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/72083
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1031560
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/100664
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/viewAlert.x?alertId=37045
Impacted products
Vendor Product Version
cisco identity_services_engine_software -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity Services Engine allow remote attackers to inject arbitrary web script or HTML via input to unspecified web pages, aka Bug IDs CSCur69835 and CSCur69776."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en Cisco Identity Services Engine permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de entradas en p\u00e1ginas web no especificadas, tambi\u00e9n conocido como Bug IDs CSCur69835 y CSCur69776."
    }
  ],
  "id": "CVE-2014-8022",
  "lastModified": "2024-11-21T02:18:26.677",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-01-15T22:59:01.413",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/72083"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1031560"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100664"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=37045"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-07-18 12:51
Modified
2024-11-21 01:53
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the web framework on the Cisco Identity Services Engine (ISE) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh25506."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad CSRF (Cross-site request forgery) en el framework Web en Cisco Identity Services Engine (ISE) permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios, tambi\u00e9n conocido como bug CSCuh25506."
    }
  ],
  "id": "CVE-2013-3420",
  "lastModified": "2024-11-21T01:53:36.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-07-18T12:51:14.243",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3420"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-15 19:29
Modified
2024-11-21 03:50
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/106513Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106513Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xssVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.4\(0.357\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.357\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C7A8BDB6-C84A-4831-89C8-82F9CF639127",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient sanitization of user-supplied data that is written to log files and displayed in certain web pages of the web-based management interface of an affected device. An attacker could exploit this vulnerability by convincing a user of the interface to click a specific link or view an affected log file. The injected script code may be executed in the context of the web-based management interface or allow the attacker to access sensitive browser-based information."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) persistente contra un usuario de dicha interfaz en un sistema afectado. La vulnerabilidad se debe al saneamiento insuficiente de los datos proporcionados por el usuario que se escriben en archivos de registro y se muestran en ciertas p\u00e1ginas web de la interfaz de gesti\u00f3n web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de la interfaz para que haga clic en un enlace espec\u00edfico o visualice un archivo de registro afectado. El c\u00f3digo script inyectado podr\u00eda ejecutarse en el contexto de la interfaz web de gesti\u00f3n o permitir que el atacante acceda a informaci\u00f3n sensible del navegador."
    }
  ],
  "id": "CVE-2018-15440",
  "lastModified": "2024-11-21T03:50:48.457",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-15T19:29:00.343",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106513"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106513"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-ise-multi-xss"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-10 10:55
Modified
2024-11-21 01:57
Severity ?
Summary
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
References
ykramarz@cisco.comhttp://osvdb.org/98167
ykramarz@cisco.comhttp://secunia.com/advisories/55098
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=31160Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029156Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/87723
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/98167
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55098
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=31160Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029156Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/87723
Impacted products
Vendor Product Version
cisco identity_services_engine_software *
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el framework web de Cisco Identity Services Engine (ISE) 1.2 y versiones anteriores permite a usuarios remotos sin autenticar ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores sin especificar, aka Bug ID CSCug90502."
    }
  ],
  "id": "CVE-2013-5525",
  "lastModified": "2024-11-21T01:57:38.407",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-10T10:55:06.677",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/98167"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/55098"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029156"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/98167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87723"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 07:29
Modified
2024-11-21 03:09
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/101931Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039830Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101931Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039830Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-iseVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.1\(0.229\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.1\\(0.229\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5198CA68-1A6C-444D-A28A-6C8C89088E53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la p\u00e1gina de inicio de sesi\u00f3n de Guest Portal en Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto sin autenticar realice m\u00faltiples intentos de inicio de sesi\u00f3n excediendo el l\u00edmite de intentos de inicio de sesi\u00f3n configurado. La vulnerabilidad se debe a la aplicaci\u00f3n insuficiente de l\u00edmite de inicios de sesi\u00f3n del lado del servidor. Un atacante podr\u00eda explotar esta vulnerabilidad enviando intentos de inicio de sesi\u00f3n modificados a la p\u00e1gina de inicio de sesi\u00f3n de Guest Portal. Un exploit podr\u00eda permitir que el atacante lleve a cabo ataques de contrase\u00f1a por fuerza bruta en el Guest Portal de ISE. Cisco Bug IDs: CSCve98518."
    }
  ],
  "id": "CVE-2017-12316",
  "lastModified": "2024-11-21T03:09:17.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T07:29:00.773",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101931"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039830"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039830"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ise"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-307"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-04-29 21:55
Modified
2024-11-21 01:49
Severity ?
Summary
The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196Vendor Advisory
Impacted products
Vendor Product Version
cisco application_networking_manager -
cisco context_directory_agent -
cisco identity_services_engine_software -
cisco network_services_manager -
cisco prime_collaboration -
cisco prime_data_center_network_manager -
cisco prime_lan_management_solution -
cisco prime_network_control_system -
cisco quad -
cisco secure_access_control_system -
cisco unified_provisioning_manager -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:application_networking_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BC24E6-3295-4D09-AC77-F9B4DA0811BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:context_directory_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9167B80B-DBD4-4B26-9BBB-98C9F246ED91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:network_services_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE172B5-15D4-400D-BF3F-A2177C02331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D132E7DF-3B63-4A2A-AE65-C5F90CCF3878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_data_center_network_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27D5E074-F68B-4BE3-8405-6F2ACB5BB9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E09BFF1-6273-4BC4-9DFA-563F490E2754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_network_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7377B5F-AA6C-4042-BEB9-E7450059C99B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:quad:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75C3800-0ADB-4B41-B4B0-1B9C923ADEEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A2EC7-4A03-4BB9-B787-6DD285E25056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_provisioning_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C175AC04-44FB-4FC5-B8A6-046A50C9B75C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125."
    },
    {
      "lang": "es",
      "value": "La interfaz de l\u00ednea de comandos en el sistema Cisco Secure Access Control (ACS), Servicios de Identidad del motor de software, Agente de Directorio Contexto, Gerente de Redes de Aplicaciones (ANM), Sistema de Control de Red Prime, LAN Management Solution Prime (LMS), Prime Collaboration, Provisioning Manager Unificado , Network Services Manager, el primer Data Center Network Manager (DCNM) y Quad no validan correctamente la entrada, lo que permite a usuarios locales obtener privilegios de root a trav\u00e9s de vectores no especificados. Vulnerabilidad tambi\u00e9n conocida como Bug ID CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416 , CSCug29418, CSCug29422, CSCug29425 y CSCug29426. Se trata de una cuesti\u00f3n diferente que CVE-2013-1125."
    }
  ],
  "id": "CVE-2013-1196",
  "lastModified": "2024-11-21T01:49:05.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-29T21:55:37.203",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1196"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-01-29 18:34
Modified
2024-11-21 02:02
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064.
References
ykramarz@cisco.comhttp://osvdb.org/102589Broken Link
ykramarz@cisco.comhttp://secunia.com/advisories/56714Permissions Required
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=32609Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/65183Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1029699
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/102589Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56714Permissions Required
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=32609Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65183Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029699
Impacted products
Vendor Product Version
cisco identity_services_engine_software *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63BC1BB0-33FB-4CBC-99AD-E9E6593B2A11",
              "versionEndIncluding": "1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is not properly handled during generation of report-output pages, aka Bug ID CSCui15064."
    },
    {
      "lang": "es",
      "value": "Cross-site scripting (XSS) en Cisco Identity Services Engine (ISE)  1.2 parche 2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un informe que contiene una URL manipulada que no se maneja adecuadamente durante la generaci\u00f3n de p\u00e1ginas de informe de salida , tambi\u00e9n conocido como Bug ID CSCui15064."
    }
  ],
  "id": "CVE-2014-0681",
  "lastModified": "2024-11-21T02:02:39.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-01-29T18:34:05.340",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/102589"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/56714"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65183"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1029699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/102589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/56714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1029699"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-05-21 01:59
Modified
2024-11-21 02:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-iseVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035946
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035946
Impacted products
Vendor Product Version
cisco identity_services_engine -
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.0.899
cisco identity_services_engine_software 1.2.0.899


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p1:*:*:*:*:*:*",
              "matchCriteriaId": "033CAAE3-9F6D-4077-80F8-C3FC4821DC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4DE94874-135D-4B99-BCB0-320003FFD42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p3:*:*:*:*:*:*",
              "matchCriteriaId": "E6A1503D-49EC-4B45-9F82-3EE3D3FD1AF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p4:*:*:*:*:*:*",
              "matchCriteriaId": "71F02403-8202-4E23-994E-6199FC22E691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p5:*:*:*:*:*:*",
              "matchCriteriaId": "C7FF4E32-8DCE-4354-B850-94B26CF034A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2.0.899:p6:*:*:*:*:*:*",
              "matchCriteriaId": "ACF42F3D-F22D-40A6-B130-9BC1721900CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815."
    },
    {
      "lang": "es",
      "value": "El componente de integraci\u00f3n Active Directory (AD) en Cisco Identity Service Engine (ISE) en versiones anteriores a 1.2.0.899 patch 7, cuando se habilita la autorizaci\u00f3n para miembros del grupo AD, permite a atacantes remotos provocar una denegaci\u00f3n del servicio (fallo de autenticaci\u00f3n) a trav\u00e9s de una solicitud de autenticaci\u00f3n Password Authentication Protocol (PAP) manipulada, tambi\u00e9n conocido como Bug ID CSCun25815."
    }
  ],
  "id": "CVE-2016-1402",
  "lastModified": "2024-11-21T02:46:22.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-21T01:59:01.520",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160517-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035946"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-01 20:29
Modified
2024-11-21 03:38
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/104950Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1041408Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104950Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041408Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrfVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 2.0\(0.901\)
cisco identity_services_engine_software 2.1\(0.188\)
cisco identity_services_engine_software 2.2\(0.231\)
cisco identity_services_engine_software 2.4\(0.183\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.0\\(0.901\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1A46B84D-FC7F-42A1-9735-416690F00DB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.1\\(0.188\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "039A2209-0A91-408B-8509-1CC11E7E294A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.2\\(0.231\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "04F1E2C5-BB69-496C-9099-4A82C357FF8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:2.4\\(0.183\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84EF9A7B-2B5C-4F72-B50F-C1E9EEC98F0D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Site Request Forgery (CSRF) y realizar acciones arbitrarias en un dispositivo afectado. La vulnerabilidad se debe a la medidas de protecci\u00f3n contra CSRF insuficientes para la interfaz de administraci\u00f3n web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario de la interfaz siga un enlace manipulado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante realice acciones arbitrarias en un dispositivo objetivo mediante un navegador web y con los privilegios del usuario. Cisco Bug IDs: CSCvi85159."
    }
  ],
  "id": "CVE-2018-0413",
  "lastModified": "2024-11-21T03:38:10.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-01T20:29:00.513",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104950"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041408"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104950"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041408"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-ise-csrf"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-16 10:52
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541Vendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software -
cisco identity_services_engine -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E2241B7-C8D4-4CA2-A333-EDD1877AD94D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8A64C2-2A16-4A96-822D-2EFC3D61D58D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la interfaz de file-upload de Cisco Identity Services Engine (ISE) permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de un nombre de archivo dise\u00f1ado, conocido como Bug ID CSCui67495."
    }
  ],
  "id": "CVE-2013-5541",
  "lastModified": "2024-11-21T01:57:40.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-10-16T10:52:45.433",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5541"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-08-28 15:59
Modified
2024-11-21 02:34
Severity ?
Summary
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=40691Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1033405
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=40691Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033405
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.2\(0.899\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.899\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D32BCD47-ADA6-4336-A3E0-9812A0177D7A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el portal de invitado en Cisco Identity Services Engine (ISE) 3300 1.2(0.899), no restringe el acceso a documentos HTML subidos, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de documentos personalizados a trav\u00e9s de una petici\u00f3n directa, tambi\u00e9n conocida como Bug ID CSCuo78045."
    }
  ],
  "id": "CVE-2015-6266",
  "lastModified": "2024-11-21T02:34:40.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-28T15:59:01.297",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1033405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033405"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-07-14 17:59
Modified
2024-11-21 02:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39873Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032889Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39873Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032889Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.2\(1.198\)
cisco identity_services_engine_software 1.3\(0.876\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.198\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E4448DC8-E3DE-4D1D-870A-F399B2CAAD7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3\\(0.876\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0C8A13-77BB-4D48-99C1-6C16D6A13FA5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCus16052."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XXS) en la infraestructura administrativa UI en Cisco Identity Services Engine (ISE) 1.2(1.198) y 1.3(0.876), permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados en los m\u00e9todos GET o petici\u00f3n POST, error conocido como Bug ID CSCus16052."
    }
  ],
  "id": "CVE-2015-4268",
  "lastModified": "2024-11-21T02:30:44.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-07-14T17:59:04.290",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39873"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032889"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2015-06-12 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=39299Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/75152Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1032579Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=39299Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75152Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032579Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0.4.573
cisco identity_services_engine_software 1.0_base
cisco identity_services_engine_software 1.1
cisco identity_services_engine_software 1.2
cisco identity_services_engine_software 1.2\(0.747\)
cisco identity_services_engine_software 1.2\(0.899\)
cisco identity_services_engine_software 1.2\(1.901\)
cisco identity_services_engine_software 1.3
cisco identity_services_engine_software 1.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0.4.573:*:*:*:*:*:*:*",
              "matchCriteriaId": "694B3E06-FAA9-4A60-97FE-C51518CE151F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE34CBD5-FF02-42C6-B4C3-D42FB6D30EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F2D8379-16E9-4CB7-85B6-66BF98E23E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.747\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "4388586C-A521-421E-ABBE-34DB8AFBD05F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(0.899\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D32BCD47-ADA6-4336-A3E0-9812A0177D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.2\\(1.901\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B634CA68-6F80-4D69-9A00-32E62E15D294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "060F7E13-7E07-4EE9-B61D-B0F91E30FDEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5426F0F2-D5FE-49A1-B617-1ADDE83B2456",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087."
    },
    {
      "lang": "es",
      "value": "La interfaz web administrativa en Cisco Identity Services Engine (ISE) anterior a 1.3 permite a usuarios remotos autenticados evadir las restricciones de acceso, y obtener informaci\u00f3n sensible o cambiar configuraciones, a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCui72087."
    }
  ],
  "id": "CVE-2015-4182",
  "lastModified": "2024-11-21T02:30:35.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-12T14:59:04.443",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75152"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75152"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032579"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-10-25 03:52
Modified
2024-11-21 01:57
Severity ?
Summary
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iseVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-iseVendor Advisory
Impacted products
Vendor Product Version
cisco identity_services_engine_software 1.0
cisco identity_services_engine_software 1.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA49BB84-9E6B-4510-B2DF-178C2E6C0CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine_software:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "50CE032F-3BD1-462D-B2DD-4088EA7CE037",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 443, aka Bug ID CSCty20405."
    },
    {
      "lang": "es",
      "value": "Cisco Identity Services Engine (ISE) 1.x anteriores a 1.1.1 permite a atacantes remotos sortear la autenticaci\u00f3n, y leer configuraci\u00f3n de soporte y datos de credenciales, a traves de una sesion TCP manipulada en el puerto 443, tambien conocido como Bug ID CSCty20405."
    }
  ],
  "id": "CVE-2013-5531",
  "lastModified": "2024-11-21T01:57:39.097",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-25T03:52:55.017",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-ise"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}