Identity Services Engine
CVE-2017-6701
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101).
AnalysisAI
A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd49141. Known Affected Releases: 2.1(102.101). Affected products include: Cisco Identity Services Engine.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Identity Services Engine
View allCisco ISE and ISE-PIC contain a critical input injection vulnerability (CVE-2025-20281, CVSS 10.0) that allows unauthent
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, rem
CVE-2025-20282 is a critical remote code execution vulnerability in Cisco ISE and ISE-PIC that allows unauthenticated at
Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.
A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacke
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, re
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command inje
A vulnerability in the Localdisk Management feature of Cisco Identity Services Engine (ISE) could allow an authenticated
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthentic
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today