A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by persuading an authenticated administrator of the web-based management interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
- This vulnerability affected Cisco ISE Software if ERS was enabled.
Determine Whether ERS is Enabled
For Cisco ISE releases 2.0 to 2.7, do the following:
- Log in to the Cisco ISE web management interface.
- Choose Administration > System > Settings.
- Choose ERS Settings.
- If Enable ERS for Read/Write is selected, the device is vulnerable.
- If Disable ERS is selected, the device is not vulnerable.
For Cisco ISE Release 3.0, do the following:
- Log in to the Cisco ISE web management interface.
- Click the menu icon.
- Choose Administration > System > Settings.
- Choose ERS Settings.
- If Enable ERS for Read/Write is selected, the device is vulnerable.
- If Disable ERS is selected, the device is not vulnerable.
For Cisco ISE releases 3.1 and 3.2, do the following:
- Log in to the Cisco ISE web management interface.
- Click the menu icon.
- Choose Administration > System > Settings.
- Choose API Settings.
- Choose the API Service Settings tab.
- If ERS (Read/Write) is selected, the device is vulnerable.
- If ERS (Read/Write) is not selected, the device is not vulnerable.
Workarounds
- There are no workarounds that address this vulnerability. However, administrators may disable the affected feature.To disable ERS in Cisco ISE releases 2.0 to 2.7, do the following:
- Log in to the Cisco ISE web management interface.
- Choose Administration > System > Settings.
- Choose ERS Settings.
- Click the Disable ERS radio button.
To disable ERS in Cisco ISE Release 3.0, do the following:
- Log in to the Cisco ISE web management interface.
- Click the menu icon.
- Choose Administration > System > Settings.
- Click the Disable ERS radio button.
To disable ERS in Cisco ISE releases 3.1 and 3.2, do the following:
- Log in to the Cisco ISE web management interface.
- Click the menu icon.
- Choose Administration > System > Settings.
- Choose API Settings.
- Choose the API Service Settings tab.
- Click the ERS (Read/Write) toggle switch to deactivate it.
Fixed Releases
| Cisco ISE Software Release | First Fixed Release |
|---|---|
| 2.41 and earlier | Migrate to fixed release. |
| 2.62 | Migrate to fixed release. |
| 2.72 | 2.7P8 (Nov 2022) |
| 3.02 | 3.0P7 (Feb 2023) |
| 3.1 | 3.1P4 |
| 3.22 | 3.2P1 (Jan 2023) |
The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.
Exploitation and Public Announcements
- The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerability that is described in this advisory will become available after software fixes are released. Public reports of the vulnerability, including a description and classification without specific technical details, will become available after this advisory is published.The Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.
URL
Source:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss-twLnpy3M