(I)IoT Security News

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
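The advisory attributes the flaw to insufficient input validation in an API that can be reached through a link the administrator clicks, which is the classic shape of a reflected XSS: a request value is echoed into a response the browser renders as HTML. The following added example (not Cisco code, and not a reconstruction of the ERS implementation) contrasts a constructed error handler that reflects a query parameter unencoded with a hardened version that HTML-encodes the value and sets response headers that keep the browser from treating the body as anything other than what the server declared. The handler names, the `name` parameter and the sample request are all assumptions made for the demo.

```python
"""Reflected XSS in an API error path: a vulnerable response builder beside
a hardened one. Added illustration for this advisory; it is not Cisco ISE code
and does not reproduce the ERS implementation. The handlers, the 'name'
parameter and the sample query string are constructed for the demo.
"""
import html
from urllib.parse import parse_qs

# Constructed sample request: a query parameter that ends up in an error page.
SAMPLE_QUERY = "name=<script>alert(1)</script>"


def parse_name(query: str) -> str:
    """Extract the 'name' parameter from a URL query string (empty if absent)."""
    return parse_qs(query).get("name", [""])[0]


def vulnerable_not_found(query: str) -> dict:
    """Echoes the raw parameter into an HTML body.

    Nothing validates or encodes the value, so markup supplied in the URL is
    interpreted by the browser as part of the page. This is the general
    pattern behind 'insufficient input validation' leading to reflected XSS.
    """
    name = parse_name(query)
    return {
        "status": 404,
        "headers": {"Content-Type": "text/html"},
        "body": f"<html><body>Resource {name} not found</body></html>",
    }


def hardened_not_found(query: str) -> dict:
    """Same error page, with the value HTML-encoded and defensive headers.

    html.escape() turns <, >, &, quotes into entities so the value is shown as
    text rather than parsed as markup. The charset is declared explicitly,
    'nosniff' stops MIME sniffing, and a restrictive Content-Security-Policy
    blocks inline script as a second layer if an encoding gap is ever missed.
    """
    name = parse_name(query)
    safe_name = html.escape(name, quote=True)
    return {
        "status": 404,
        "headers": {
            "Content-Type": "text/html; charset=utf-8",
            "X-Content-Type-Options": "nosniff",
            "Content-Security-Policy": "default-src 'none'",
        },
        "body": f"<html><body>Resource {safe_name} not found</body></html>",
    }


def reflects_unencoded(response: dict, value: str) -> bool:
    """Regression check: does the submitted value appear verbatim in the body?

    Useful as a unit test on any endpoint that echoes request data; a True
    result for markup-bearing input means the encoding step is missing.
    """
    return value in response["body"]


if __name__ == "__main__":
    marker = parse_name(SAMPLE_QUERY)
    print("vulnerable reflects raw input:", reflects_unencoded(vulnerable_not_found(SAMPLE_QUERY), marker))
    print("hardened reflects raw input:  ", reflects_unencoded(hardened_not_found(SAMPLE_QUERY), marker))
```

The `reflects_unencoded` check is the part worth keeping around: run it against every endpoint that writes request data into an HTML response, with markup-bearing input, and treat a verbatim match as a failing test. Output encoding at the point of rendering is the fix; the `nosniff` and CSP headers are defence in depth, not a substitute for it.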

Determine Whether ERS is Enabled

For Cisco ISE releases 2.0 to 2.7, do the following:

  1. Log in to the Cisco ISE web management interface.
  2. Choose Administration > System > Settings.
  3. Choose ERS Settings.
    • If Enable ERS for Read/Write is selected, the device is vulnerable.
    • If Disable ERS is selected, the device is not vulnerable.

For Cisco ISE Release 3.0, do the following:

  1. Log in to the Cisco ISE web management interface.
  2. Click the menu icon.
  3. Choose Administration > System > Settings.
  4. Choose ERS Settings.
    • If Enable ERS for Read/Write is selected, the device is vulnerable.
    • If Disable ERS is selected, the device is not vulnerable.

For Cisco ISE releases 3.1 and 3.2, do the following:

  1. Log in to the Cisco ISE web management interface.
  2. Click the menu icon.
  3. Choose Administration > System Settings.
  4. Choose API Settings.
  5. Choose the API Service Settings tab.
    • If ERS (Read/Write) is selected, the device is vulnerable.
    • If ERS (Read/Write) is not selected, the device is not vulnerable.

Workarounds

To disable ERS in Cisco ISE Release 3.0, do the following:

  1. Log in to the Cisco ISE web management interface.
  2. Click the menu icon.
  3. Choose Administration > System > Settings.
  4. Click the Disable ERS radio button.

To disable ERS in Cisco ISE releases 3.1 and 3.2, do the following:

  1. Log in to the Cisco ISE web management interface.
  2. Click the menu icon.
  3. Choose Administration > System Settings.
  4. Choose API Settings.
  5. Choose the API Service Settings tab.
  6. Click the ERS (Read/Write) toggle switch to deactivate it.

Fixed Releases

Cisco ISE Software Release | First Fixed Release
2.4 and earlier            | Migrate to fixed release.
2.6²                       | Migrate to fixed release.
2.7²                       | 2.7P8 (Nov 2022)
3.0²                       | 3.0P7 (Feb 2023)
3.1                        | 3.1P4
3.2²                       | 3.2P1 (Jan 2023)

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.

Exploitation and Public Announcements

Source:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M
