Cross site request forgery (csrf)

2022-11-0418:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

cisco ise

web interface

remote attackers

csrf attacks

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.9%

JSON

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the target user.

CPENameOperatorVersion
identity_services_enginelt2.6.0
identity_services_engineeq2.6.0 patch1
identity_services_engineeq2.6.0 patch2
identity_services_engineeq2.6.0 patch3
identity_services_engineeq2.6.0 patch6
identity_services_engineeq2.6.0 patch5
identity_services_engineeq2.6.0
identity_services_engineeq2.6.0 patch7
identity_services_engineeq2.7.0 patch2
identity_services_engineeq3.0.0

Name	Operator	Version
identity_services_engine	lt	2.6.0
identity_services_engine	eq	2.6.0 patch1
identity_services_engine	eq	2.6.0 patch2
identity_services_engine	eq	2.6.0 patch3
identity_services_engine	eq	2.6.0 patch6
identity_services_engine	eq	2.6.0 patch5
identity_services_engine	eq	2.6.0
identity_services_engine	eq	2.6.0 patch7
identity_services_engine	eq	2.7.0 patch2
identity_services_engine	eq	3.0.0