Cisco Cisco Identity Services Engine Software
153 CVEs affecting Cisco Cisco Identity Services Engine Software. Latest disclosed: 2026-05-06. Critical: 9, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-20337 | Critical | 10.0 | 2025-07-16 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying op… |
CVE-2025-20282 | Critical | 10.0 | 2025-06-25 | A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected devi… |
CVE-2025-20281 | Critical | 10.0 | 2025-06-25 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying op… |
CVE-2026-20180 | Critical | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating… |
CVE-2026-20186 | Critical | 9.9 | 2026-04-15 | A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating… |
CVE-2026-20147 | Critical | 9.9 | 2026-04-15 | A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system o… |
CVE-2025-20286 | Critical | 9.9 | 2025-06-04 | A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE)… |
CVE-2025-20124 | Critical | 9.9 | 2025-02-05 | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. T… |
CVE-2025-20125 | Critical | 9.1 | 2025-02-05 | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change n… |
CVE-2023-20175 | High | 8.8 | 2023-11-01 | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operati… |
CVE-2022-20961 | High | 8.8 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cros… |
CVE-2025-20343 | High | 8.6 | 2025-11-05 | A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on Cisco Identity Services Engine (ISE) could allow an unauthe… |
CVE-2025-20152 | High | 8.6 | 2025-05-21 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a den… |
CVE-2023-20243 | High | 8.6 | 2023-09-06 | A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the a… |
CVE-2022-20756 | High | 8.6 | 2022-04-06 | A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to s… |
CVE-2020-3467 | High | 7.7 | 2020-10-08 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of… |
CVE-2021-1594 | High | 7.5 | 2021-10-06 | A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack a… |
CVE-2022-20956 | High | 7.1 | 2022-11-03 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authoriza… |
CVE-2022-20822 | High | 7.1 | 2022-10-26 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete… |
CVE-2019-1851 | Medium | 6.8 | 2019-05-16 | A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to generat… |