CVE-2017-6734

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) Software versions 1.3(0.909) through 2.1(0.800)

Description A cross-site scripting (XSS) issue exists in the web-based management interface of the software, specifically related to the Guest Portal. This could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web interface of an affected device.

Recommendations For versions 1.3(0.909) through 2.1(0.800), consider disabling access to the Guest Portal as a temporary workaround until a patch is available. Restrict access to the web-based management interface to minimize the risk of exploitation.