A vulnerability in the file upload management of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to upload multiple files to a specific location of the filesystem and exhaust disk space. The vulnerability is due to insufficient management of filesystem free space. An attacker could exploit this vulnerability by uploading multiple files. An exploit could allow the malicious user to exhaust free disk space on the system, resulting in a denial of service (DoS) condition in which the administration interface becomes unresponsive. Cisco has confirmed the vulnerability in a security notice; however, software updates are not available. To exploit this vulnerability, an attacker would need to authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco identity_services_engine_software - |
||
cisco identity_services_engine - |
Vulmon