CVE-2018-0221

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (ISE) (affected versions not specified)

Description: A vulnerability exists due to incomplete input validation of user input for certain CLI ISE configuration commands, allowing an authenticated, local attacker with valid administrator credentials to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker can exploit this by issuing a specific CLI command and entering crafted, malicious user input for the command parameters, potentially allowing command injection to the lower-level Linux operating system or causing the ISE user interface to hang or disconnect.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.