CVE-2018-0214

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified)

Description: A command injection issue exists due to insufficient input validation of CLI command user input, allowing an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user. The attacker must have valid user credentials for the device and could exploit this by issuing a CLI command with crafted user input.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.