CVE-2018-0413

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified)

Description: The issue is related to insufficient authentication checks for executed requests in the web-based management interface, allowing a remote attacker to perform a cross-site request forgery (CSRF) attack. This could enable the attacker to execute arbitrary actions on the affected device by persuading a user to follow a specially crafted link. The attacker could then perform actions with the privileges of the user via a web browser.

Recommendations: For all affected versions, consider restricting access to the web-based management interface until a fix is available. As a temporary workaround, avoid using links from untrusted sources to minimize the risk of exploitation. Restrict user privileges to minimize the impact of a potential attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.