CVE-2019-15281: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
First published: Wed Oct 16 2019(Updated: )
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have valid administrator credentials. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting malicious code into a troubleshooting file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Identity Services Engine | <2.4\(0.357\) | |
| Cisco Identity Services Engine | =2.4\(0.357\) | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch1 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch2 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch3 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch4 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch5 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch6 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch7 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch8 | |
| Cisco Identity Services Engine | =2.4\(0.357\)-patch9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15281?
CVE-2019-15281 has a high severity level due to its potential for stored cross-site scripting attacks.
How do I fix CVE-2019-15281?
To fix CVE-2019-15281, upgrade Cisco Identity Services Engine Software to version 2.4(0.357) or later.
What impact does CVE-2019-15281 have on users?
CVE-2019-15281 allows authenticated attackers to execute malicious scripts in the browser of users accessing the Cisco Identity Services Engine web interface.
Is CVE-2019-15281 easy to exploit?
Exploiting CVE-2019-15281 requires authentication, making it easier for authorized users to conduct attacks.
Which versions of Cisco Identity Services Engine are affected by CVE-2019-15281?
CVE-2019-15281 affects Cisco Identity Services Engine Software versions up to 2.4(0.357) and its various patch versions.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco identity services engine
- version/cisco identity services engine/2.4\(0.357\)
- version/cisco identity services engine/2.4\(0.357\)-patch1
- version/cisco identity services engine/2.4\(0.357\)-patch2
- version/cisco identity services engine/2.4\(0.357\)-patch3
- version/cisco identity services engine/2.4\(0.357\)-patch4
- version/cisco identity services engine/2.4\(0.357\)-patch5
- version/cisco identity services engine/2.4\(0.357\)-patch6
- version/cisco identity services engine/2.4\(0.357\)-patch7
- version/cisco identity services engine/2.4\(0.357\)-patch8
- version/cisco identity services engine/2.4\(0.357\)-patch9