cvedb.io
CVE-2018-0213
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2018-03-08T07:29:00.753 · Last modified 2026-06-17T01:30:14.343

Summary

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request. A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted. The attacker must have valid user credentials to the device to exploit this vulnerability. Cisco Bug IDs: CSCvf69753.

Affected products

cisco — identity_services_engine

Does this affect you?

Add your gear to cvedb and we'll alert you only when cisco ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.