Cisco Identity Services Engine Cross-Site Scripting Vulnerability

2019-10-0216:00:00

tools.cisco.com

120

EPSS

0.002

Percentile

51.5%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.

The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss”]

Affected configurations

Vulners

Node

ciscoidentity_services_engine_softwareMatchany

VendorProductVersionCPE
ciscoidentity_services_engine_softwareanycpe:2.3:a:cisco:identity_services_engine_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	identity_services_engine_software	any	cpe:2.3:a:cisco:identity_services_engine_software:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss

EPSS

0.002

Percentile

51.5%

JSON

Related for CISCO-SA-20191002-ISE-XSS