Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.

Related CPE's

a

cisco

identity_services_engine

20

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-csrf-y4ZUz5Rj

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-352

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-08-21T18:15:08.933Z

1 year ago

Last modified

2025-03-31T16:20:38.103Z

11 months ago