Vulnerability: Stored Cross Site ScriptingĬonstraints: None exploitable by an unauthenticated attackerĪffected versions: confirmed on ISE virtual appliance v2.4.0.357
#CISCO ISE 2.4 設定 CODE#
They are still shipping (and recommending) a product version vulnerable to unauthenticated remote code execution, with a fully working public exploit and no way to track fixes or fixed versions for these vulnerabilities.Īgile Information Security would like to thank Beyond Security's SSD Secure Disclosure programme for helping us disclose these vulnerabilities to Cisco, and publishing the advisory on their site. These actions show Cisco is incredibly negligent with regards to the security of their customers.
#CISCO ISE 2.4 設定 SOFTWARE DOWNLOAD#
This issue will be fixed in the upcoming ISE release".Īt the time of the latest update, Cisco still recommends version 2.4.0.357 - affected by all the vulnerabilities in this advisory - as the "Suggested Release" in their software download page. According with our Security vulnerability policy, we request do not request a CVE assignment for issue with a Severity Impact Rating (SIR) lower than Medium.
Ĭisco refused to credit Agile Information Security with finding vulnerabilities #2 and #3, and also refused to provide a CVE for both these vulnerabilities, saying regarding #3 that "This issue has been evaluated as a hardening effort to improve the security posture of the device. However, vulnerability #2 (Unsafe Flex AMF Java Object Deserialization) was also found and reported to Cisco by Olivier Arteau of Groupe Technologie Desjardins and vulnerability #3 (Privilege Escalation via Incorrect sudo File Permissions) was also found and reported to Cisco by Hector Cuesta. Īll the vulnerabilities in this advisory were found independently by Agile Information Security.
#CISCO ISE 2.4 設定 FULL#
A Ruby exploit that implements this full exploit chain (described in more detail at 'Exploitation summary', at the end of this file) is available in. We have analysed version 2.4.0.357 and found three vulnerabilities: an unauthenticated stored cross site scripting, a authenticated Java deserialization vulnerability leading to remote code execution as an unprivileged user, and a privilege escalation from that unprivileged user to root.īy putting them all together, we can achieve remote code execution as root, provided we can trap an administrator into visiting the page vulnerable to the stored cross site scripting. ISE is distributed by Cisco as a virtual appliance. It also shares vital contextual data, such as user and device identities, threats, and vulnerabilities with integrated solutions from Cisco technology partners, so you can identify, contain, and remediate threats faster." It helps you gain visibility into what is happening in your network, such as who is connected, which applications are installed and running, and much more. With ISE, you can see users and devices controlling access across wired, wireless, and VPN connections to the corporate network.Ĭisco ISE allows you to provide highly secure network access to users and devices.
The Cisco Identity Services Engine (ISE) is your one-stop solution to streamline security policy management and reduce operating costs.
> Discovered by Pedro Ribeiro Agile Information Security and Dominik Czarnota / Last updated: Change Mirror Download > Multiple vulnerabilities in Cisco Identity Services Engine (Unauth XSS to RCE as root)
0 kommentar(er)
