PT-2017-17255 · Cisco · Cisco Identity Services Engine
Published
2017-07-04
·
Updated
2017-07-07
·
CVE-2017-6701
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Identity Services Engine (ISE) version 2.1(102.101)
Description
A stored cross-site scripting (XSS) attack can be conducted by an unauthenticated, remote attacker against a user of the web interface of an affected system, due to a vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal.
Recommendations
For version 2.1(102.101), update to a version that includes the fix for the issue, as the current version is affected by the stored XSS vulnerability.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Identity Services Engine