CVE-2019-1941

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) versions prior to 2.4.0 Patch 9 Cisco Identity Services Engine (ISE) versions prior to 2.6.0

Description A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The issue exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this by persuading a user to click a malicious link, potentially allowing the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Recommendations For versions prior to 2.4.0 Patch 9, update to 2.4.0 Patch 9 or later. For versions prior to 2.6.0, update to 2.6.0 or later. As a temporary workaround, consider restricting access to the web-based management interface until a patch is applied.