The vulnerability of the Cisco Identity Services Engine (ISE) policy management platform and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device lies in the improper limitation on XML links to external objects. This allows attackers to load arbitrary files.
The vulnerability of the Cisco Identity Services Engine ISE policy management platform and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability coul...