Skip to Content

Cisco Identity Server Engine Vulnerabilities

Cisco has published an advisory alerting users to four vulnerabilities in its Identity Server Engine (ISE): a tcpdump feature command injection vulnerability; a tcpdump stored cross-site scripting vulnerability; an External RADIUS Server feature stored cross-site scripting vulnerability; and an access bypass vulnerability. Cisco plans to release updates to address the flaws; there are no workarounds.

Note

  • ISE is an identity-based network access control (NAC) and policy enforcement system, likely a component in your Zero-Trust implementation as you already own it, therefore, fixing this is kind of a big deal. The workaround is there are no workarounds. As such, you need to wait for updates to be released by Cisco. Cisco will only be releasing fixes for ISE 3.1 (3.1p6, March 2023) and 3.2 (3.2p1 January 2023) – as well as providing Hot Patches for 3.1p5 and 3.2, contact your Cisco TAC.

Read more in

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.