CVE-2019-1659

Name of the Vulnerable Software and Affected Versions Cisco Prime Infrastructure versions 2.2 through 3.4.0

Description A vulnerability in the Identity Services Engine (ISE) integration feature could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel established between ISE and Cisco Prime Infrastructure. This is due to improper validation of the server SSL certificate when establishing the SSL tunnel with ISE. An attacker could exploit this by using a crafted SSL certificate and then intercept communications between the ISE and Cisco Prime Infrastructure, potentially viewing and altering sensitive information about connected clients.

Recommendations For Cisco Prime Infrastructure versions 2.2 through 3.4.0, consider disabling the ISE integration feature until a patch is available to prevent man-in-the-middle attacks. Restrict access to the SSL tunnel establishment process to minimize the risk of exploitation. Avoid using the vulnerable SSL certificate validation mechanism in the ISE integration feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.