CVE-2018-15425

MEDIUM

Cisco Identity Services Engine - Insecure Deserialization

Title source: rule

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server.

References (2)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041792

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns

Scores

CVSS v3 4.7

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-502 CWE-20

Status published

Affected Products (8)

cisco/identity_services_engine

Timeline

Published Oct 05, 2018

Tracked Since Feb 18, 2026