Cisco Releases Security Updates for Cisco Identity Services Engine

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact

Threat ID:: CC-4216
Threat Severity:: Information only
Published:: 17 November 2022 4:30 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact

Affected platforms

The following platforms are known to be affected:

Versions: 2.7 and earlier, 3.0 and earlier, 3.1, 3.2

Cisco ISE

Threat details

Introduction

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact. Two of the vulnerabilities in the High impact advisories relate to arbitrary code execution on the underlying operating system and an improper access control in the web-based management interface that could lead to authorisation bypass.

A remote authenticated attacker could exploit these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates.

Remediation steps

Type	Step
Patch	Cisco Identity Services Engine Vulnerabilities \| cisco-sa-ise-7Q4TNYUx https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx
Patch	Cisco Identity Services Engine Insufficient Access Control Vulnerability \| cisco-sa-ise-access-contol-EeufSUCx https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx
Patch	Cisco Identity Services Engine Cross-Site Scripting Vulnerability \| cisco-sa-ise-xss-twLnpy3M https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M

Definitive source of threat updates

CVE Vulnerabilities

CVE-2022-20964

CVE-2022-20965

CVE-2022-20966

CVE-2022-20967

CVE-2022-20956

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"]

Status Published

CVE-2022-20959

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Last edited: 17 November 2022 4:30 pm