A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote malicious user to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could exploit this vulnerability by authenticating to the device with an administrator account and sending a crafted HTTP request. A successful exploit could allow the malicious user to create additional Admin accounts with different user roles. An attacker could then use these accounts to perform actions within their scope. The attacker would need valid Admin credentials for the device. This vulnerability cannot be exploited to add a Super Admin account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco identity services engine 2.5\\(0.1\\) |
||
cisco identity services engine 2.3\\(0.298\\) |
Webex, security, IoT systems also need patches
Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product. As well as high-rated bugs in Webex, small business routers and various security products, Switchzilla has disclosed one critical bug in its SD-WAN, and another four vulnerabilities rated high. That critical rating was assigned to CVE-2019-1651, a bug in the SD-WAN's virtual container, vContainer, the VM which hosts the SD-WAN controllers. If an attacker sends a malicious file to the vC...