Multiple vulnerabilities in Cisco Identity Services Engine
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2018-0211 CVE-2018-0212 CVE-2018-0213 CVE-2018-0214 CVE-2018-0215 CVE-2018-0216 CVE-2018-0221 |
| CWE-ID | CWE-20 CWE-79 CWE-264 CWE-77 CWE-352 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco Identity Services Engine (ISE) Server applications / Other server solutions Other |
| Vendor |
Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU10903
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0211
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker with administrative privileges to cause DoS condition on the target system.
The weakness exists in specific CLI commands for the Cisco Identity Services Engine due to lack of proper input validation of the CLI user input for certain CLI commands. A local attacker can authenticate to the device and issue a specially crafted, malicious CLI command and cause a DoS condition.
Install update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.1.0.474 - 2.4.0.247
CPE2.3- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.1.0.474:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.2.1.145:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.4.0.247:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU10904
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0212
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the web-based management interface due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 2.2(0.906).
Vulnerable software versions:
CPE2.3- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.1.0.474:*:*:*:*:*:*:*
- cpe:2.3::::2.1.0.904:*:*:*:*:*:*:*
- cpe:2.3::::2.2.0.470:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU10905
Risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0213
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges.
The vulnerability exists in the credential reset functionality due to insufficient sanitization of user-supplied data. A remote attacker can authenticate to the device with valid user credentials, send a specially crafted HTTP request and gain elevated privileges to access functionality that should be restricted.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.1.0.904
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command injection
EUVDB-ID: #VU10906
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0214
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary commands.
The vulnerability exists in certain CLI commands due to insufficient input validation of CLI command user input. A local attacker can authenticate to the targeted device with valid user credentials, issue a CLI command with crafted user input and execute arbitrary commands on the affected system that should be restricted.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.1.102.103
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site request forgery
EUVDB-ID: #VU10907
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0215
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists in the web-based management interface due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Install update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.0.0.234
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cross-site request forgery
EUVDB-ID: #VU10908
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0216
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists in the web-based management interface due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Install update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.0.0.249
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise5
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Command injection
EUVDB-ID: #VU10909
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0221
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary commands.
The vulnerability exists in specific CLI commands due to incomplete input validation of user input for certain CLI ISE configuration commands. A local attacker can authenticate as an administrative user, issue a specific CLI command, enter a specially crafted, malicious user input for the command parameters, perform command injection to the lower-level Linux operating system and cause the ISE user interface for this management session to hang or disconnect.
MitigationInstall update from vendor's website.
Vulnerable software versionsCisco Identity Services Engine (ISE): 2.2.0.470 - 2.4.0.192
CPE2.3- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.2.0.470:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.2.0.903:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_identity_services_engine:2.4.0.192:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
