What is CVE-2021-40121?

CVE-2021-40121 is a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software that could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

What is the severity of CVE-2021-40121?

The severity of CVE-2021-40121 is medium with a CVSS score of 4.8.

How does CVE-2021-40121 affect Cisco Identity Services Engine?

CVE-2021-40121 affects multiple versions of Cisco Identity Services Engine (ISE) Software, including version 2.6 and 2.7.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-40121?

The CWE ID for CVE-2021-40121 is CWE-79, which represents cross-site scripting (XSS) vulnerabilities.

How can I fix CVE-2021-40121?

To fix CVE-2021-40121, it is recommended to upgrade to a fixed version of Cisco Identity Services Engine (ISE) Software.

Vulnerability/
CVE-2021-40121

medium

6.1

CWE

21/10/2021

25/10/2021

CVE-2021-40121: XSS

First published: Thu Oct 21 2021(Updated: )

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Identity Services Engine	<=2.6
Cisco Identity Services Engine	=2.6\(0.156\)
Cisco Identity Services Engine	=2.6\(0.999\)
Cisco Identity Services Engine	=2.6.0
Cisco Identity Services Engine	=2.6.0-patch1
Cisco Identity Services Engine	=2.6.0-patch2
Cisco Identity Services Engine	=2.6.0-patch3
Cisco Identity Services Engine	=2.6.0-patch5
Cisco Identity Services Engine	=2.6.0-patch6
Cisco Identity Services Engine	=2.6.0-patch7
Cisco Identity Services Engine	=2.6.0-patch8
Cisco Identity Services Engine	=2.6.0-patch9
Cisco Identity Services Engine	=2.7
Cisco Identity Services Engine	=2.7\(0.207\)
Cisco Identity Services Engine	=2.7\(0.356\)
Cisco Identity Services Engine	=2.7\(0.356\)
Cisco Identity Services Engine	=2.7\(0.903\)
Cisco Identity Services Engine	=2.7.0
Cisco Identity Services Engine	=2.7.0-patch1
Cisco Identity Services Engine	=2.7.0-patch2
Cisco Identity Services Engine	=2.7.0-patch3
Cisco Identity Services Engine	=2.7.0-patch4
Cisco Identity Services Engine	=3.0\(0.458\)
Cisco Identity Services Engine	=3.0.0
Cisco Identity Services Engine	=3.0.0-patch1
Cisco Identity Services Engine	=3.0.0-patch2

Never miss a vulnerability like this again

Reference Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xss1-rgxYry2V

Frequently Asked Questions

What is CVE-2021-40121?
CVE-2021-40121 is a vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software that could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
What is the severity of CVE-2021-40121?
The severity of CVE-2021-40121 is medium with a CVSS score of 4.8.
How does CVE-2021-40121 affect Cisco Identity Services Engine?
CVE-2021-40121 affects multiple versions of Cisco Identity Services Engine (ISE) Software, including version 2.6 and 2.7.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-40121?
The CWE ID for CVE-2021-40121 is CWE-79, which represents cross-site scripting (XSS) vulnerabilities.
How can I fix CVE-2021-40121?
To fix CVE-2021-40121, it is recommended to upgrade to a fixed version of Cisco Identity Services Engine (ISE) Software.

collector/nvd-index
vendor/cisco
canonical/cisco identity services engine
version/cisco identity services engine/2.6
version/cisco identity services engine/2.6\(0.156\)
version/cisco identity services engine/2.6\(0.999\)
version/cisco identity services engine/2.6.0
version/cisco identity services engine/2.6.0-patch1
version/cisco identity services engine/2.6.0-patch2
version/cisco identity services engine/2.6.0-patch3
version/cisco identity services engine/2.6.0-patch5
version/cisco identity services engine/2.6.0-patch6
version/cisco identity services engine/2.6.0-patch7
version/cisco identity services engine/2.6.0-patch8
version/cisco identity services engine/2.6.0-patch9
version/cisco identity services engine/2.7
version/cisco identity services engine/2.7\(0.207\)
version/cisco identity services engine/2.7\(0.356\)
version/cisco identity services engine/2.7\(0.903\)
version/cisco identity services engine/2.7.0
version/cisco identity services engine/2.7.0-patch1
version/cisco identity services engine/2.7.0-patch2
version/cisco identity services engine/2.7.0-patch3
version/cisco identity services engine/2.7.0-patch4
version/cisco identity services engine/3.0\(0.458\)
version/cisco identity services engine/3.0.0
version/cisco identity services engine/3.0.0-patch1
version/cisco identity services engine/3.0.0-patch2