Skip to main content

Cisco Releases Security Updates for Cisco Identity Services Engine

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Cisco has released two security advisories rated as High impact and one security advisory rated as Medium impact. Two of the vulnerabilities in the High impact advisories relate to arbitrary code execution on the underlying operating system and an improper access control in the web-based management interface that could lead to authorisation bypass. 

A remote authenticated attacker could exploit these vulnerabilities to take control of an affected system.

 


Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories and apply the necessary updates.


Remediation steps

Type Step
Patch

Cisco Identity Services Engine Vulnerabilities | cisco-sa-ise-7Q4TNYUx


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx
Patch

Cisco Identity Services Engine Insufficient Access Control Vulnerability | cisco-sa-ise-access-contol-EeufSUCx


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx
Patch

Cisco Identity Services Engine Cross-Site Scripting Vulnerability | cisco-sa-ise-xss-twLnpy3M


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M


CVE Vulnerabilities

Last edited: 17 November 2022 4:30 pm